Date: Thu, 07 Oct 1999 11:46:03 +0900
Message-ID: <14332.2411.507844.54448V@localhost.sky.rim.or.jp>
From: Jun Kuriyama <kuriyama@sky.rim.or.jp>
To: Japanese Documentation Project <doc-jp@jp.freebsd.org>
Subject: [doc-jp 6757] <handbook> security/chapter.sgml


I guess this was rewritten to match the configuration method used in recent releases? It's short.


Index: chapter.sgml
===================================================================
RCS file: /home/ncvs/doc/en_US.ISO_8859-1/books/handbook/security/chapter.sgml,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- chapter.sgml	1999/05/16 13:26:28	1.14
+++ chapter.sgml	1999/05/25 17:05:50	1.15
@@ -1,7 +1,7 @@
 <!--
      The FreeBSD Documentation Project
 
-     $Id: chapter.sgml,v 1.13 1999/04/08 21:33:23 nik Exp $
+     $Id: chapter.sgml,v 1.14 1999/05/16 13:26:28 nik Exp $
 -->
 
 <chapter id="security">
@@ -1529,25 +1529,18 @@
 	  is located on.</para>
       </note>
 	  
-      <para>As currently supplied, FreeBSD does not have the ability to load
-	firewall rules at boot time.  My suggestion is to put a call to a
-	shell script in the <filename>/etc/netstart</filename> script.  Put
-	the call early enough in the netstart file so that the firewall is
-	configured before any of the IP interfaces are configured.  This means
-	that there is no window during which time your network is open.</para>
-	  
-      <para>The actual script used to load the rules is entirely up to you.
-	There is currently no support in the <command>ipfw</command> utility
-	for loading multiple rules in the one command.  The system I use is to
-	use the command:</para>
-      
-      <screen>&prompt.root; <userinput>ipfw list</userinput></screen>
-      
-      <para>to write a list of the current rules out to a file, and then use a
-	text editor to prepend <literal>ipfw </literal> before all the lines.
-	This will allow the script to be fed into /bin/sh and reload the rules
-	into the kernel.  Perhaps not the most efficient way, but it
-	works.</para>
+      <para>You should enable your firewall from
+	<filename>/etc/rc.conf.local</filename> or
+	<filename>/etc/rc.conf</filename>.  The associated manpage explains
+	which knobs to fiddle and lists some preset firewall configurations.
+	If you do not use a preset configuration, <command>ipfw list</command>
+	will output the current ruleset into a file that you can
+	pass to <filename>rc.conf</filename>.  If you do not use
+	<filename>/etc/rc.conf.local</filename> or
+	<filename>/etc/rc.conf</filename> to enable your firewall,
+	it is important to make sure your firewall is enabled before
+	any IP interfaces are configured.
+      </para>
 	  
       <para>The next problem is what your firewall should actually
 	<emphasis>do</emphasis>! This is largely dependent on what access to
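Review bot: the closing added sentence ("it is important to make sure your firewall is enabled before any IP interfaces are configured") no longer says why. The removed paragraph gave the reason: "there is no window during which time your network is open". Keep that clause so a reader who loads rules from a custom script understands that an interface coming up before the ruleset leaves the host unfiltered. Two smaller points in the same paragraph: "The associated manpage" is never named, so cite it explicitly (rc.conf(5)) and name the knobs it refers to; and "ipfw list will output the current ruleset into a file" is not what the command as shown does, since it prints the rules and the reader has to redirect them. The old text also described editing the listing before it could be reloaded, and the new text does not say whether that step is still needed or which rc.conf setting takes the file.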


$B$/$j$d$^(B // kuriyama@sky.rim.or.jp
        // kuriyama@FreeBSD.org
