Module name: mac_ifoff.ko
Kernel configuration line:
options MAC_IFOFF
Boot option:
mac_ifoff_load="YES"
The mac_ifoff(4) module exists solely to disable network interfaces on the fly and keep network interfaces from being brought up during system boot. It does not require any labels to be set up on the system, nor does it depend on other MAC modules.
Most of this module's control is performed through the
sysctl
tunables listed below.
One of the most common uses of mac_ifoff(4) is network
monitoring in an environment where network traffic should not
be permitted during the boot sequence. Another suggested use
would be to write a script which uses
security/aide
to
automatically block network traffic if it finds new or altered
files in protected directories.
All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/
Questions that are not answered by the
documentation may be
sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.