http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&feed=atom&action=historyIPFIREWALL (IPFW) Firewall - Revision history2024-03-29T15:06:25ZRevision history for this page on the wikiMediaWiki 1.18.0http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&diff=13178&oldid=prev173.88.199.104 at 22:48, 13 August 20122012-08-13T22:48:12Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 22:48, 13 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 803:</td>
<td colspan="2" class="diff-lineno">Line 803:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>################ End of IPFW rules file ###############################</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>################ End of IPFW rules file ###############################</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div></pre></div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div></pre></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">[[Category:Securing FreeBSD]]</ins></div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:13177:newid:13178 -->
</table>173.88.199.104http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&diff=13177&oldid=prev173.88.199.104 at 22:35, 13 August 20122012-08-13T22:35:45Z<p></p>
<a href="http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&diff=13177&oldid=13176">Show changes</a>173.88.199.104http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&diff=13176&oldid=prev173.88.199.104: /* Example Inclusive Rule Set */2012-08-13T22:31:43Z<p><span class="autocomment">Example Inclusive Rule Set</span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 22:31, 13 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 486:</td>
<td colspan="2" class="diff-lineno">Line 486:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div># Deny all inbound traffic from non-routable reserved address spaces</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div># Deny all inbound traffic from non-routable reserved address spaces</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>$cmd 00300 deny all from 192.168.0.0/16 to any in via $pif  #RFC 1918 private IP</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>$cmd 00300 deny all from 192.168.0.0/16 to any in via $pif  #RFC 1918 private IP</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>$cmd 00301 deny all from 172.16.0.0/12 to anyin via $pif <del class="diffchange diffchange-inline">    </del>#RFC 1918 private IP</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>$cmd 00301 deny all from 172.16.0.0/12 to anyin via $pif <ins class="diffchange diffchange-inline">  </ins>#RFC 1918 private IP</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>$cmd 00302 deny all from 10.0.0.0/8 to anyin via $pif <del class="diffchange diffchange-inline">        </del>#RFC 1918 private IP</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>$cmd 00302 deny all from 10.0.0.0/8 to anyin via $pif <ins class="diffchange diffchange-inline">      </ins>#RFC 1918 private IP</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>$cmd 00303 deny all from 127.0.0.0/8 to anyin via $pif <del class="diffchange diffchange-inline">      </del>#loopback</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>$cmd 00303 deny all from 127.0.0.0/8 to anyin via $pif <ins class="diffchange diffchange-inline">    </ins>#loopback</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>$cmd 00304 deny all from 0.0.0.0/8 to anyin via $pif            #loopback</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>$cmd 00304 deny all from 0.0.0.0/8 to anyin via $pif            #loopback</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>$cmd 00305 deny all from 169.254.0.0/16 to anyin via $pif  #DHCP auto-config</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>$cmd 00305 deny all from 169.254.0.0/16 to anyin via $pif  #DHCP auto-config</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>$cmd 00306 deny all from 192.0.2.0/24 to anyin via $pif <del class="diffchange diffchange-inline">      </del>#reserved for doc's</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>$cmd 00306 deny all from 192.0.2.0/24 to anyin via $pif <ins class="diffchange diffchange-inline">    </ins>#reserved for doc's</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>$cmd 00307 deny all from 204.152.64.0/23 to anyin via $pif  #Sun cluster interconnect</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>$cmd 00307 deny all from 204.152.64.0/23 to anyin via $pif  #Sun cluster interconnect</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>$cmd 00308 deny all from 224.0.0.0/3 to anyin via $pif <del class="diffchange diffchange-inline">        </del>#Class D & E multicast</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>$cmd 00308 deny all from 224.0.0.0/3 to anyin via $pif <ins class="diffchange diffchange-inline">    </ins>#Class D & E multicast</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div># Deny public pings</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div># Deny public pings</div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:13175:newid:13176 -->
</table>173.88.199.104http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&diff=13175&oldid=prev173.88.199.104 at 22:28, 13 August 20122012-08-13T22:28:33Z<p></p>
<a href="http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&diff=13175&oldid=13174">Show changes</a>173.88.199.104http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&diff=13174&oldid=prev173.88.199.104: /* Building Rule Script */2012-08-13T22:25:36Z<p><span class="autocomment">Building Rule Script</span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 22:25, 13 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 337:</td>
<td colspan="2" class="diff-lineno">Line 337:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The same thing could also to accomplished doing it this way as a text file</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The same thing could also to accomplished doing it this way as a text file</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"><pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>ipfw -q -f flush</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>ipfw -q -f flush</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>ipfw -q add check-state</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>ipfw -q add check-state</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 344:</td>
<td colspan="2" class="diff-lineno">Line 345:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>ipfw -q add allow tcp from any to 192.0.2.11 53 out via tun0 setup keep-state  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>ipfw -q add allow tcp from any to 192.0.2.11 53 out via tun0 setup keep-state  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>ipfw -q add 00611 allow udp from any to 192.0.2.11 53 out via tun0 keep-state</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>ipfw -q add 00611 allow udp from any to 192.0.2.11 53 out via tun0 keep-state</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></pre></ins></div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:13173:newid:13174 -->
</table>173.88.199.104http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&diff=13173&oldid=prev173.88.199.104: /* Rule Syntax */2012-08-13T22:23:18Z<p><span class="autocomment">Rule Syntax</span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 22:23, 13 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 141:</td>
<td colspan="2" class="diff-lineno">Line 141:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div><pre></div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div><pre></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div># is used to mark the start of a comment and may appear at the end of a rule line or on its own line. Blank lines are ignored.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div># is used to mark the start of a comment and may appear at  </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>the end of a rule line or on its own line. Blank lines are ignored.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div></pre></div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div></pre></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 187:</td>
<td colspan="2" class="diff-lineno">Line 188:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     When a packet matches a rule with the log keyword, a message will be</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     When a packet matches a rule with the log keyword, a message will be</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>     logged to syslogd with a facility name of SECURITY. The logging <del class="diffchange diffchange-inline">only occurs </del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>     logged to syslogd with a facility name of SECURITY. The logging  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>     if the number of packets logged so far for that <del class="diffchange diffchange-inline">particular</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>     <ins class="diffchange diffchange-inline">only occurs </ins>if the number of packets logged so far for that</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>     rule does not exceed the logamount parameter. If no <del class="diffchange diffchange-inline">logamount is</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>     <ins class="diffchange diffchange-inline">particular </ins>rule does not exceed the logamount parameter. If no</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>     specified, the limit is taken from the sysctl variable</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>     <ins class="diffchange diffchange-inline">logamount is </ins>specified, the limit is taken from the sysctl variable</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     net.inet.ip.fw.verbose_limit. In both cases, a value of zero removes</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     net.inet.ip.fw.verbose_limit. In both cases, a value of zero removes</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     the logging limit. Once the limit is reached, logging can be  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     the logging limit. Once the limit is reached, logging can be  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     re-enabled by clearing the logging counter or the packet counter for</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     re-enabled by clearing the logging counter or the packet counter for</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     that rule. See the ipfw reset log command.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     that rule. See the ipfw reset log command.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>     Note: logging is done after all other packet matching conditions <del class="diffchange diffchange-inline">have</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>     Note: logging is done after all other packet matching conditions  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>     been successfully verified and before performing the final <del class="diffchange diffchange-inline">action</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>     <ins class="diffchange diffchange-inline">have </ins>been successfully verified and before performing the final  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>     <del class="diffchange diffchange-inline">(</del>accept, deny) on the packet. It’s up to you to decide which <del class="diffchange diffchange-inline">rules</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>     <ins class="diffchange diffchange-inline">action </ins>accept, deny) on the packet. It’s up to you to decide which</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>     you want to enable logging on.  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>     <ins class="diffchange diffchange-inline">rules </ins>you want to enable logging on.  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 206:</td>
<td colspan="2" class="diff-lineno">Line 207:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The keywords described in this section are used to describe attributes of the packet to be interrogated when determining whether rules match or don't match the packet. The following general-purpose attributes are provided for matching and must be used in this order:</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The keywords described in this section are used to describe attributes of the packet to be interrogated when determining whether rules match or don't match the packet. The following general-purpose attributes are provided for matching and must be used in this order:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"><pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     udp | tcp | icmp   </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     udp | tcp | icmp   </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         or any protocol names found in /etc/protocols are recognized  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         or any protocol names found in /etc/protocols are recognized  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>         and may be used. The value specified is the protocol to be <del class="diffchange diffchange-inline">matched</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>         and may be used. The value specified is the protocol to be</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>         against. This is a mandatory requirement.  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>         <ins class="diffchange diffchange-inline">matched </ins>against. This is a mandatory requirement.  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     from src to dst  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     from src to dst  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>         The from and to keywords are used to match against IP <del class="diffchange diffchange-inline">addresses. </del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>         The from and to keywords are used to match against IP</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>         Rules must specify BOTH source and destination parameters.  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>         <ins class="diffchange diffchange-inline">addresses. </ins>Rules must specify BOTH source and destination</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>         any is a special keyword that matches any IP address.  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">        </ins>parameters.  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>         me is a special keyword that matches any IP address <del class="diffchange diffchange-inline">configured </del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>         <ins class="diffchange diffchange-inline">'</ins>any<ins class="diffchange diffchange-inline">' </ins>is a special keyword that matches any IP address.  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>         on an interface in your FBSD system to represent the <del class="diffchange diffchange-inline">PC </del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>         <ins class="diffchange diffchange-inline">'</ins>me<ins class="diffchange diffchange-inline">' </ins>is a special keyword that matches any IP address</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>         the firewall is running on. (IE: this box)  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>         <ins class="diffchange diffchange-inline">configured </ins>on an interface in your FBSD system to represent the</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>         <ins class="diffchange diffchange-inline">PC </ins>the firewall is running on. (IE: this box)  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>         As in from me to any or from any to me or from 0.0.0.0/0 to any  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>         As in <ins class="diffchange diffchange-inline">'</ins>from me to any<ins class="diffchange diffchange-inline">' </ins>or from <ins class="diffchange diffchange-inline">'</ins>any to me<ins class="diffchange diffchange-inline">' </ins>or  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">        </del>or from any to 0.0.0.0/0 or from 0.0.0.0 to any or  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">        '</ins>from 0.0.0.0/0 to any<ins class="diffchange diffchange-inline">' </ins>or from <ins class="diffchange diffchange-inline">'</ins>any to 0.0.0.0/0<ins class="diffchange diffchange-inline">' </ins>or  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">        </del>from any to 0.0.0.0 or from me to 0.0.0.0  IP addresses are  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">        '</ins>from 0.0.0.0 to any<ins class="diffchange diffchange-inline">' </ins>or <ins class="diffchange diffchange-inline">'</ins>from any to 0.0.0.0<ins class="diffchange diffchange-inline">' </ins>or from  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">        </del>specified as a dotted IP address numeric form/mask-length or  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">        '</ins>me to 0.0.0.0<ins class="diffchange diffchange-inline">' </ins> IP addresses are specified as a dotted IP</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">        </del>as single dotted IP address numeric form.  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">        </ins>address numeric form/mask-length or as single dotted IP address</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">        </ins>numeric form.  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         This is a mandatory requirement. See this link for  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         This is a mandatory requirement. See this link for  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         help on writing mask-lengths. http://jodies.de/ipcalc</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         help on writing mask-lengths. http://jodies.de/ipcalc</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 251:</td>
<td colspan="2" class="diff-lineno">Line 255:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         This is a mandatory keyword. Upon a match, the firewall will</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         This is a mandatory keyword. Upon a match, the firewall will</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         create a dynamic rule whose default behavior is to match  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         create a dynamic rule whose default behavior is to match  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>         bidirectional traffic between source and destination IP/port <del class="diffchange diffchange-inline">using</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>         bidirectional traffic between source and destination IP/port</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>         the same protocol.  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>         <ins class="diffchange diffchange-inline">using </ins>the same protocol.  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     limit {src-addr | src-port | dst-addr | dst-port}</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     limit {src-addr | src-port | dst-addr | dst-port}</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 260:</td>
<td colspan="2" class="diff-lineno">Line 264:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         The ‘limit’ and 'keep-state’ cannot be used on same rule.  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         The ‘limit’ and 'keep-state’ cannot be used on same rule.  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         Limit provides the same stateful function as ‘keep-state’  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         Limit provides the same stateful function as ‘keep-state’  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>         plus its own functions.  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>         plus its own functions.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"></pre></ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Stateful Rule Option ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Stateful Rule Option ==</div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:13172:newid:13173 -->
</table>173.88.199.104http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&diff=13172&oldid=prev173.88.199.104 at 22:00, 13 August 20122012-08-13T22:00:39Z<p></p>
<a href="http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&diff=13172&oldid=13171">Show changes</a>173.88.199.104http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&diff=13171&oldid=prev173.88.199.104: /* IPFW Command */2012-08-13T21:54:18Z<p><span class="autocomment">IPFW Command</span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 21:54, 13 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 87:</td>
<td colspan="2" class="diff-lineno">Line 87:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>You would enter on the FBSD command line one of the following forms of the list command.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>You would enter on the FBSD command line one of the following forms of the list command.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"><pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>ipfw list          List all rules in rule number sequence.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>ipfw list          List all rules in rule number sequence.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 109:</td>
<td colspan="2" class="diff-lineno">Line 110:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>ipfw zero number  Clear accounting counter just for this rule number.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>ipfw zero number  Clear accounting counter just for this rule number.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>ipfw show | more <del class="diffchange diffchange-inline">  </del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>ipfw show | more</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"></pre></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>If you have a big rule set with dynamic rules it will scroll off the screen. Suffix the command with ‘ | more’ which will only display the first screen full, and then you have to use the arrow keys or enter key to scroll down through the info.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>If you have a big rule set with dynamic rules it will scroll off the screen. Suffix the command with ‘ | more’ which will only display the first screen full, and then you have to use the arrow keys or enter key to scroll down through the info.</div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:13170:newid:13171 -->
</table>173.88.199.104http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&diff=13170&oldid=prev173.88.199.104: /* Kernel options */2012-08-13T21:52:22Z<p><span class="autocomment">Kernel options</span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 21:52, 13 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 41:</td>
<td colspan="2" class="diff-lineno">Line 41:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Sample kernel source IPFW options statements are in the /usr/src/sys/i386/conf/LINT kernel source and are reproduced here.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Sample kernel source IPFW options statements are in the /usr/src/sys/i386/conf/LINT kernel source and are reproduced here.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"><pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>options IPFIREWALL</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>options IPFIREWALL</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>options IPFIREWALL_VERBOSE  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>options IPFIREWALL_VERBOSE  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>options IPFIREWALL_VERBOSE_LIMIT=5</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>options IPFIREWALL_VERBOSE_LIMIT=5</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>option  IPDIVERT               </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>option  IPDIVERT               </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>IPFIREWALL This tells the compile to include IPFW as part of the kernel.  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>IPFIREWALL This tells the compile to include IPFW as part of the kernel.  </div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 57:</td>
<td colspan="2" class="diff-lineno">Line 58:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>A complete list of the IPFW options statements are in /usr/src/sys/i386/conf/LINT  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>A complete list of the IPFW options statements are in /usr/src/sys/i386/conf/LINT  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Installer note: After compiling IPFW into your kernel you lose the ability to access all private LAN and public Internet networks, until you enable IPFW in rc.conf and reboot.  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>Installer note: After compiling IPFW into your kernel you lose the ability to access all private LAN and public Internet networks, until you enable IPFW in rc.conf and reboot.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== RC.CONF Options ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== RC.CONF Options ==</div></td></tr>
</table>173.88.199.104http://freebsdwiki.net/index.php?title=IPFIREWALL_(IPFW)_Firewall&diff=13169&oldid=prev173.88.199.104: /* Enabling IPFW */2012-08-13T21:50:51Z<p><span class="autocomment">Enabling IPFW</span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 21:50, 13 August 2012</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 29:</td>
<td colspan="2" class="diff-lineno">Line 29:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>To set the verbose limit, there is a knob you can set in sysctl.conf by adding this statement to the file:</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>To set the verbose limit, there is a knob you can set in sysctl.conf by adding this statement to the file:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"><pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     ee /etc/sysctl.conf</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     ee /etc/sysctl.conf</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     net.inet.ip.fw.verbose_limit=5</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     net.inet.ip.fw.verbose_limit=5</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"></pre></ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Kernel options ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== Kernel options ==</div></td></tr>
<!-- diff cache key bsdwiki:diff:version:1.11a:oldid:13168:newid:13169 -->
</table>173.88.199.104