>Good afternoon!
>FreeBSD 5.3,
>according to dmesg:
> >ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to accept, logging disabled
>
>Where do I set "rule-based forwarding enable"? Thank you.
IPFW is included in the basic FreeBSD install as a separate run time loadable module. IPFW will dynamically load the kernel module when the rc.conf statement firewall_enable="YES" is used. You do not need to compile IPFW into the FreeBSD kernel unless you want NAT function enabled.
After rebooting your system with firewall_enable="YES" in rc.conf the following white highlighted message is displayed on the screen as part of the boot process:
IP packet filtering initialized, divert disabled, rule-based forwarding
enabled, default to deny, logging disabled
You can disregard this message as it is outdated and is no longer the true status of the IPFW loadable module. The loadable module really does have logging ability compiled in.
To set the verbose logging limit, there is a knob you can set in /etc/sysctl.conf. By adding this statement, logging will be enabled on future reboots:
net.inet.ip.fw.verbose_limit=5
In other words, IPFW is working; this is an outdated message. (See the English Handbook --
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html)