# firewall.
# firewall_simple_inet_ipv6=«2001: db8: 2: 800 :: / 56» # Inside IPv6 network prefix
# for «simple» firewall.
# firewall_simple_oif_ipv6=«ed0» # Outside IPv6 network interface for «simple»
# firewall.
# firewall_simple_onet_ipv6=«2001: db8: 2: 0 :: / 56» # Outside IPv6 network prefix
# for «simple» firewall._myservices=«» # List of TCP ports on which this host
# offers services for «workstation» firewall._allowservices=«» # List of IPs which have access to
# $ firewall_myservices for «workstation»
# firewall._trusted=«» # List of IPs which have full access to this
# host for «workstation» firewall._logdeny=«NO» # Set to YES to log default denied incoming
# packets for «workstation» firewall._nologports=«135-139,445 1026,1027 1433,1434» # List of TCP / UDP ports
# for which denied incoming packets are not
# logged for «workstation» firewall._nat_enable=«NO» # Enable kernel NAT (if firewall_enable == YES) _nat_interface=«» # Public interface or IPaddress to use_nat_flags=«» # Additional configuration parameters_enable=«NO» # Load the dummynet (4) module_portrange_first=«NO» # Set first dynamically allocated port_portrange_last=«NO» # Set last dynamically allocated port_enable=«NO» # Enable IKE daemon (usually racoon or isakmpd) _program=«/ usr / local / sbin / isakmpd »# Path to IKE daemon_flags =« »# Additional flags for IKE daemon_enable =« NO »# Set to YES to run setkey on ipsec_file_file =« / etc / ipsec. conf »# Name of config file for setkey_program =« / sbin / natd »# path to natd, if you want a different one._enable =« NO »# Enable natd (if firewall_enable == YES). _interface =« »# Public interface or IPaddress to use._flags =« »# Additional flags for natd._enable =« NO »# Set to YES to enable ipfilter functionality_program =« / sbin / ipf »# where the ipfilter program lives_rules =«/ etc / ipfles» # rules definition file for ipfilter, see
# / usr / src / contrib / ipfilter / rules for examples_flags=«» # additional flags for ipfilter_enable=«NO» # Set to YES to enable ipnat functionality_program=«/ sbin / ipnat »# where the ipnat program lives_rules =« / etc / ipnatles »# rules definition file for ipnat_flags =« »# additional flags for ipnat_enable =« NO »# Set to YES for ipmon; needs ipfilter or ipnat_program=«/ sbin / ipmon» # where the ipfilter monitor program lives_flags=«-Ds» # typically «-Ds» or «-D / var / log / ipflog» _enable=«NO» # Set to YES to enable saving and restoring
# of state tables at shutdown and boot_program=«/ sbin / ipfs» # where the ipfs program lives_flags=«» # additional flags for ipfs_enable=«NO» # Set to YES to enable packet filter (pf) _rules=«/ etc / pf. conf »# rules definition file for pf_program =« / sbin / pfctl »# where the pfctl program lives_flags =« »# additional flags for pfctl_enable =« NO »# Set to YES to enable packet filter logging_logfile =« / var / log / pflog »# where pflogd should store the logfile_program =« / sbin / pflogd »# where the pflogd program lives_flags =« »# additional flags for pflogd_enable =« NO »# Set to YES to enable ftp-proxy (8) for pf_flags=«» # addi...
