Date:      Wed, 16 Jun 2004 10:35:24 -0400
From:      "fbsd_user" <fbsd_user@a1poweruser.com>
To:        "Kevin Curran" <kevin@curranfamilynet.net>, <freebsd-questions@freebsd.org>
Subject:   RE: Are 4 IPFW rules enough?
Message-ID:  <MIEPLLIBMLEEABPDBIEGOEMHGCAA.fbsd_user@a1poweruser.com>
In-Reply-To: <1087261927.5494.11.camel@tower>

Boy are you naïve.  If firewall protection was that simple everybody
would be doing it your way.

I have just completed my final draft of the complete rewrite of the
FBSD handbook firewall section.
Here is the URL where you can access it.

  www.a1poweruser.com/FBSD_firewall/

Give it a read and learn about all your FBSD firewall options.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Kevin Curran
Sent: Monday, June 14, 2004 9:12 PM
To: freebsd-questions@freebsd.org
Subject: Are 4 IPFW rules enough?

I have a cable modem and I'm using 4.9 as a NAT router for my home
network.  I have 4 rules in my ipfw config.  The first enables NAT and
the last is 65000 allow any to any.

In between I have 2 rules to deny access to ports 53 and 110 on the
Internet side.  That's all.

Here's my thinking: I use inetd.conf to enable only the services I want,
therefore the ports on which those services are listening I would want
open.  The two other ports I want to filter on the WAN side are filtered
by the rules above.  All the other ports are closed, anyway, so why
spend time debugging an elaborate rule set?





_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@freebsd.org"


