MAC_IFOFF(4)

NAME

     mac_ifoff -- interface silencing policy

SYNOPSIS

     To compile the interface silencing policy into your kernel, place the
     following lines in your kernel configuration file:

	   options MAC
	   options MAC_IFOFF

     Alternately, to load the interface silencing policy module at boot time,
     place the following line in your kernel configuration file:

	   options MAC

     and in loader.conf(5):

	   mac_ifoff_load="YES"

DESCRIPTION

     The mac_ifoff interface silencing module allows administrators to enable
     and disable incoming and outgoing data flow on system network interfaces
     via the sysctl(8) interface.

     To disable network traffic over the loopback (lo(4)) interface, set the
     sysctl(8) OID security.mac.ifoff.lo_enabled to 0 (default 1).

     To enable network traffic over other interfaces, set the sysctl(8) OID
     security.mac.ifoff.other_enabled to 1 (default 0).

     To allow BPF traffic to be received, even while other traffic is
     disabled, set the sysctl(8) OID security.mac.ifoff.bpfrecv_enabled to 1
     (default 0).
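
     An added example, not part of the original manual page: a sh helper that
     reads `sysctl security.mac.ifoff` output and reports which traffic
     classes the policy passes, so a host can be checked for the silenced
     state. The function names and sample input are constructed;
     "follows-interface" assumes BPF receive gets no exception when
     bpfrecv_enabled is 0.

```shell
#!/bin/sh
# Added example: summarise mac_ifoff state from "oid: value" lines on stdin.
# Defaults are the ones given in this manual page:
#   lo_enabled=1, other_enabled=0, bpfrecv_enabled=0

ifoff_state() {
    awk -F': *' '
        BEGIN { v["lo_enabled"] = 1; v["other_enabled"] = 0; v["bpfrecv_enabled"] = 0 }
        $1 ~ /^security\.mac\.ifoff\./ {
            seen = 1
            k = $1; sub(/^security\.mac\.ifoff\./, "", k)
            # Accept only known OIDs with a 0/1 value; ignore anything else.
            if ((k in v) && $2 ~ /^[01]$/) v[k] = $2 + 0
        }
        END {
            # No OIDs at all means the policy is not loaded: nothing is silenced.
            if (!seen) { print "policy=absent"; exit }
            printf "loopback=%s\n", (v["lo_enabled"] ? "pass" : "silenced")
            printf "other=%s\n", (v["other_enabled"] ? "pass" : "silenced")
            printf "bpf_receive=%s\n", (v["bpfrecv_enabled"] ? "pass" : "follows-interface")
        }'
}

# Exit 0 only when non-loopback traffic is silenced and the BPF receive
# exception is off; exit 1 otherwise (including when the policy is absent).
ifoff_is_isolated() {
    s=$(ifoff_state) || return 2
    case "$s" in *"other=silenced"*) ;; *) return 1 ;; esac
    case "$s" in *"bpf_receive=pass"*) return 1 ;; esac
    return 0
}

# Constructed sample of `sysctl security.mac.ifoff` output (not from a real host).
SAMPLE='security.mac.ifoff.lo_enabled: 1
security.mac.ifoff.other_enabled: 0
security.mac.ifoff.bpfrecv_enabled: 1'

printf '%s\n' "$SAMPLE" | ifoff_state

# On a FreeBSD host with the module loaded:
#   sysctl security.mac.ifoff | ifoff_is_isolated && echo "interfaces silenced"
```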

   Label Format
     No labels are defined.

SEE ALSO

     lomac(4), mac(4), mac_bsdextended(4), mac_lomac(4), mac_mls(4),
     mac_none(4), mac_partition(4), mac_portacl(4), mac_seeotheruids(4),
     mac_test(4), mac(9)

HISTORY

     The mac_ifoff policy module first appeared in FreeBSD 5.0 and was
     developed by the TrustedBSD Project.

AUTHORS

     This software was contributed to the FreeBSD Project by Network
     Associates Labs, the Security Research Division of Network Associates
     Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part
     of the DARPA CHATS research program.

BUGS

     See mac(9) concerning appropriateness for production use.  The TrustedBSD
     MAC Framework is considered experimental in FreeBSD.

     While the MAC Framework design is intended to support the containment of
     the root user, not all attack channels are currently protected by entry
     point checks.  As such, MAC Framework policies should not be relied on,
     in isolation, to protect against a malicious privileged user.


FreeBSD 5.2.1		       December 10, 2002		 FreeBSD 5.2.1