Translation

ipfilter_enable="YES" # Start ipf firewall
ipfilter_rules="/etc/ipf.rules" # loads rules definition text file
ipv6_ipfilter_rules="/etc/ipf6.rules" # loads rules definition text file for IPv6
ipmon_enable="YES" # Start IP monitor log
ipmon_flags="-Ds" # D = start as daemon
# s = log to syslog
# v = log tcp window, ack, seq
# n = map IP & port to names
(itstool) path: sect2/programlisting
ipfilter_enable="YES" # Start ipf firewall
ipfilter_rules="/etc/ipf.rules" # loads rules definition text file
ipv6_ipfilter_rules="/etc/ipf6.rules" # loads rules definition text file for IPv6
ipmon_enable="YES" # Start IP monitor log
ipmon_flags="-Ds" # D = start as daemon
# s = log to syslog
# v = log tcp window, ack, seq
# n = map IP & port to names
422/5040
Context English Portuguese (Brazil) State
<application>IPFILTER</application> is a kernel-side firewall and <acronym>NAT</acronym> mechanism that can be controlled and monitored by userland programs. Firewall rules can be set or deleted using <application>ipf</application>, <acronym>NAT</acronym> rules can be set or deleted using <application>ipnat</application>, run-time statistics for the kernel parts of <application>IPFILTER</application> can be printed using <application>ipfstat</application>, and <application>ipmon</application> can be used to log <application>IPFILTER</application> actions to the system log files. O <application>IPFILTER</application> é um firewall kernel-side e um mecanismo <acronym>NAT</acronym> que pode ser controlado e monitorado por programas da área de usuário. As regras de firewall podem ser definidas ou excluídas usando <application>ipf</application>, as regras <acronym>NAT</acronym> podem ser definidas ou excluídas usando <application>ipnat</application>, estatísticas em tempo de execução para as partes do kernel <application>IPFILTER</application> podem ser informadas usando <application>ipfstat</application>, e <application>ipmon</application> pode ser usado para logar ações do <application>IPFILTER</application> nos arquivos de log do sistema.
<application>IPF</application> was originally written using a rule processing logic of <quote>the last matching rule wins</quote> and only used stateless rules. Since then, <application>IPF</application> has been enhanced to include the <literal>quick</literal> and <literal>keep state</literal> options. O <application>IPF</application> foi originalmente escrito usando uma lógica de processamento de regra de que <quote>a última regra que corresponder, ganha</quote> e era utilizado apenas regras stateless. Desde então, <application>IPF</application> foi aprimorado para incluir as opções <literal>quick</literal> e <literal>keep state</literal>.
The <application>IPF</application> FAQ is at <uri xlink:href="http://www.phildev.net/ipf/index.html">http://www.phildev.net/ipf/index.html</uri>. A searchable archive of the IPFilter mailing list is available at <uri xlink:href="http://marc.info/?l=ipfilter">http://marc.info/?l=ipfilter</uri>. O FAQ <application>IPF</application> está em <uri xlink:href="http://www.phildev.net/ipf/index.html">http://www.phildev.net/ipf/index.html</uri>. Um arquivo liberado para buscas da lista de discussão IPFilter está disponível em <uri xlink:href="http://marc.info/?l=ipfilter">http://marc.info/?l=ipfilter</uri>.
This section of the Handbook focuses on <application>IPF</application> as it pertains to FreeBSD. It provides examples of rules that contain the <literal>quick</literal> and <literal>keep state</literal> options. Esta seção do Handbook foca no <application>IPF</application> no que se refere ao FreeBSD. Ele fornece exemplos de regras que contêm as opções <literal>quick</literal> e <literal>keep state</literal>.
Enabling <application>IPF</application> Ativando o <application>IPF</application>
<primary><application>IPFILTER</application></primary> <secondary>enabling</secondary> <primary><application>IPFILTER</application></primary> <secondary>enabling</secondary>
<application>IPF</application> is included in the basic FreeBSD install as a kernel loadable module, meaning that a custom kernel is not needed in order to enable <application>IPF</application>. O <application>IPF</application> está incluído na instalação base do FreeBSD como um módulo carregável do kernel, o que significa que um kernel personalizado não é necessário para habilitar o <application>IPF</application>.
<primary>kernel options</primary> <secondary><application>IPFILTER</application></secondary> <primary>kernel options</primary> <secondary><application>IPFILTER</application></secondary>
<primary>kernel options</primary> <secondary>IPFILTER_LOG</secondary> <primary>kernel options</primary> <secondary>IPFILTER_LOG</secondary>
<primary>kernel options</primary> <secondary>IPFILTER_DEFAULT_BLOCK</secondary> <primary>kernel options</primary> <secondary>IPFILTER_DEFAULT_BLOCK</secondary>
<primary><application>IPFILTER</application></primary> <secondary>kernel options</secondary> <primary><application>IPFILTER</application></primary> <secondary>kernel options</secondary>
For users who prefer to statically compile <application>IPF</application> support into a custom kernel, refer to the instructions in <xref linkend="kernelconfig"/>. The following kernel options are available: Para usuários que preferem compilar estaticamente o suporte ao <application>IPF</application> em um kernel personalizado, consulte as instruções em <xref linkend="kernelconfig"/>. As seguintes opções do kernel estão disponíveis:
options IPFILTER
options IPFILTER_LOG
options IPFILTER_LOOKUP
options IPFILTER_DEFAULT_BLOCK
options IPFILTER
options IPFILTER_LOG
options IPFILTER_LOOKUP
options IPFILTER_DEFAULT_BLOCK
where <literal>options IPFILTER</literal> enables support for <application>IPFILTER</application>, <literal>options IPFILTER_LOG</literal> enables <application>IPF</application> logging using the <filename>ipl</filename> packet logging pseudo-device for every rule that has the <literal>log</literal> keyword, <literal>IPFILTER_LOOKUP</literal> enables <acronym>IP</acronym> pools in order to speed up <acronym>IP</acronym> lookups, and <literal>options IPFILTER_DEFAULT_BLOCK</literal> changes the default behavior so that any packet not matching a firewall <literal>pass</literal> rule gets blocked. onde <literal>options IPFILTER</literal> ativa o suporte para o <application>IPFILTER</application>, <literal>options IPFILTER_LOG</literal> ativa o log do <application>IPF</application> usando o pseudo-dispositivo de log <filename>ipl</filename> para cada regra que tenha a palavra-chave <literal>log</literal>, <literal>IPFILTER_LOOKUP</literal> ativa as pools <acronym>IP</acronym> para acelerar <acronym>IP</acronym> lookups, e <literal>options IPFILTER_DEFAULT_BLOCK</literal> altera o comportamento padrão para que qualquer pacote que não corresponda a uma regra <literal>pass</literal> do firewall seja bloqueado.
To configure the system to enable <application>IPF</application> at boot time, add the following entries to <filename>/etc/rc.conf</filename>. These entries will also enable logging and <literal>default pass all</literal>. To change the default policy to <literal>block all</literal> without compiling a custom kernel, remember to add a <literal>block all</literal> rule at the end of the ruleset. Para configurar o sistema para ativar o <application>IPF</application> no momento da inicialização, adicione as seguintes entradas ao <filename>/etc/rc.conf</filename>. Essas entradas também ativarão o log e o <literal>default pass all</literal>. Para alterar a política padrão para <literal>block all</literal> sem compilar um kernel personalizado, lembre-se de adicionar uma regra <literal>block all</literal> no final do conjunto de regras.
ipfilter_enable="YES" # Start ipf firewall
ipfilter_rules="/etc/ipf.rules" # loads rules definition text file
ipv6_ipfilter_rules="/etc/ipf6.rules" # loads rules definition text file for IPv6
ipmon_enable="YES" # Start IP monitor log
ipmon_flags="-Ds" # D = start as daemon
# s = log to syslog
# v = log tcp window, ack, seq
# n = map IP &amp; port to names
ipfilter_enable="YES" # Start ipf firewall
ipfilter_rules="/etc/ipf.rules" # loads rules definition text file
ipmon_enable="YES" # Start IP monitor log
ipmon_flags="-Ds" # D = start as daemon
# s = log to syslog
# v = log tcp window, ack, seq
# n = map IP &amp; port to names
If <acronym>NAT</acronym> functionality is needed, also add these lines: Se a funcionalidade <acronym>NAT</acronym> for necessária, adicione também estas linhas:
gateway_enable="YES" # Enable as LAN gateway
ipnat_enable="YES" # Start ipnat function
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
gateway_enable="YES" # Enable as LAN gateway
ipnat_enable="YES" # Start ipnat function
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
Then, to start <application>IPF</application> now: Então, inicie o <application>IPF</application>:
<prompt>#</prompt> <userinput>service ipfilter start</userinput> <prompt>#</prompt> <userinput>service ipfilter start</userinput>
To load the firewall rules, specify the name of the ruleset file using <command>ipf</command>. The following command can be used to replace the currently running firewall rules: Para carregar as regras de firewall, especifique o nome do arquivo do conjunto de regras usando <command>ipf</command>. O comando a seguir pode ser usado para substituir as regras de firewall que está em execução:
<prompt>#</prompt> <userinput>ipf -Fa -f /etc/ipf.rules</userinput> <prompt>#</prompt> <userinput>ipf -Fa -f /etc/ipf.rules</userinput>
where <option>-Fa</option> flushes all the internal rules tables and <option>-f</option> specifies the file containing the rules to load. onde <option>-Fa</option> limpa todas as tabelas de regras internas e <option>-f</option> especifica o arquivo que contém as regras a serem carregadas.
This provides the ability to make changes to a custom ruleset and update the running firewall with a fresh copy of the rules without having to reboot the system. This method is convenient for testing new rules as the procedure can be executed as many times as needed. Isso fornece a capacidade de fazer alterações em um conjunto de regras personalizado e atualizar o firewall em execução com uma nova cópia das regras sem precisar reinicializar o sistema. Esse método é conveniente para testar novas regras, pois o procedimento pode ser executado quantas vezes forem necessárias.
Refer to <citerefentry><refentrytitle>ipf</refentrytitle><manvolnum>8</manvolnum></citerefentry> for details on the other flags available with this command. Consulte <citerefentry><refentrytitle>ipf</refentrytitle><manvolnum>8</manvolnum></citerefentry> para detalhes sobre as outras flags disponíveis com este comando.
<application>IPF</application> Rule Syntax Sintaxe de Regras <application>IPF</application>
<primary><application>IPFILTER</application></primary> <secondary>rule syntax</secondary> <primary><application>IPFILTER</application></primary> <secondary>rule syntax</secondary>
This section describes the <application>IPF</application> rule syntax used to create stateful rules. When creating rules, keep in mind that unless the <literal>quick</literal> keyword appears in a rule, every rule is read in order, with the <emphasis>last matching rule</emphasis> being the one that is applied. This means that even if the first rule to match a packet is a <literal>pass</literal>, if there is a later matching rule that is a <literal>block</literal>, the packet will be dropped. Sample rulesets can be found in <filename>/usr/share/examples/ipfilter</filename>. Esta seção descreve a sintaxe de regras <application>IPF</application> usada para criar regras stateful. Ao criar regras, lembre-se de que, a menos que a palavra-chave <literal>quick</literal> apareça em uma regra, todas as regras são lidas em ordem, com a <emphasis>última regra correspondente </emphasis> sendo a aplicada. Isso significa que, mesmo que a primeira regra que corresponder a um pacote seja <literal>pass</literal>, se houver uma regra de correspondência posterior que seja <literal>block</literal>, o pacote será descartado. Os conjuntos de regras de exemplo podem ser encontrados em <filename>/usr/share/examples/ipfilter</filename>.
When creating rules, a <literal>#</literal> character is used to mark the start of a comment and may appear at the end of a rule, to explain that rule's function, or on its own line. Any blank lines are ignored. Ao criar regras, um caractere <literal>#</literal> é usado para marcar o início de um comentário e pode aparecer no final de uma regra, para explicar a função dessa regra ou em sua própria linha. Todas as linhas em branco são ignoradas.
The keywords which are used in rules must be written in a specific order, from left to right. Some keywords are mandatory while others are optional. Some keywords have sub-options which may be keywords themselves and also include more sub-options. The keyword order is as follows, where the words shown in uppercase represent a variable and the words shown in lowercase must precede the variable that follows it: As palavras-chave usadas nas regras devem ser escritas em uma ordem específica, da esquerda para a direita. Algumas palavras-chave são obrigatórias, enquanto outras são opcionais. Algumas palavras-chave têm sub-opções que podem ser palavras-chave e também incluem mais sub-opções. A ordem das palavras-chave é a seguinte, em que as palavras mostradas em maiúsculas representam uma variável e as palavras mostradas em minúsculas devem preceder a variável que a segue:
<replaceable>ACTION DIRECTION OPTIONS proto PROTO_TYPE from SRC_ADDR SRC_PORT to DST_ADDR DST_PORT TCP_FLAG|ICMP_TYPE keep state STATE</replaceable> <replaceable>ACTION DIRECTION OPTIONS proto PROTO_TYPE from SRC_ADDR SRC_PORT to DST_ADDR DST_PORT TCP_FLAG|ICMP_TYPE keep state STATE</replaceable>

Loading…

User avatar None

Source string changed

FreeBSD Doc / books_handbookPortuguese (Brazil)

ipfilter_enable="YES" # Start ipf firewall
ipfilter_rules="/etc/ipf.rules" # loads rules definition text file
ipv6_ipfilter_rules="/etc/ipf6.rules" # loads rules definition text file for IPv6
ipmon_enable="YES" # Start IP monitor log
ipmon_flags="-Ds" # D = start as daemon
# s = log to syslog
# v = log tcp window, ack, seq
# n = map IP &amp; port to names
3 months ago
Browse all component changes

Things to check

Mismatching line breaks

Number of new lines in translation does not match source

Reset

Glossary

English Portuguese (Brazil)
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: sect2/programlisting
Flags
no-wrap
Source string location
book.translate.xml:60675
String age
3 months ago
Source string age
3 months ago
Translation file
books/pt_BR/handbook.po, string 9957