This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | |||
ipfw [2010/08/26 02:21] k2patel |
ipfw [2010/09/08 20:43] k2patel |
||
---|---|---|---|
Line 17: | Line 17: | ||
</code> | </code> | ||
NOTE : sysctl net.link.ether.bridge_ipfw=1 (this value enable the snort) | NOTE : sysctl net.link.ether.bridge_ipfw=1 (this value enable the snort) | ||
- | |||
==== Common Attack Prevention ==== | ==== Common Attack Prevention ==== | ||
Line 46: | Line 45: | ||
**#deny fragments as bogus packets** | **#deny fragments as bogus packets** | ||
<code bash> | <code bash> | ||
- | ipfw add 00017 deny log all from any to any frag in via | + | ipfw add 00017 deny log all from any to any frag in via em0 |
</code> | </code> |