Date: Sat, 20 Aug 2005 00:46:37 +0300
From: Giorgos Keramidas
To: Gareth Campbell
Cc: freebsd-questions@freebsd.org
Subject: Re: Internet firewall
Message-ID: <20050819214637.GA10088@flame.pc>
In-Reply-To: <43064B2F.7050605@orcon.net.nz>
References: <43064B2F.7050605@orcon.net.nz>

On 2005-08-20 09:12, Gareth Campbell wrote:
> Hey guys,
>
> I'm a newbie and have got my box all set up with FreeBSD 5.4, fluxbox
> wm, firefox, thunderbird etc... It's all looking awesome, with
> transparency, and working well. I run it on dial-up ppp but haven't set
> up any firewall. Should I be setting one up?

Yes, definitely. It takes about 4-5 seconds when I connect with my
dialup account from home and then incoming connections start coming from
spyware, trojans and misc. other scanners :-)

> If so, do I use one of the bundled firewalls or can someone recommend
> one that would suit my purposes? This is a stand-alone box, not on a
> home network.

The Handbook has a relatively nice chapter on firewalls.

At my home workstation (that uses a dialup connection to the world) and
on my laptop (that spends a lot of time connected in a corporate
network), I use the PF firewall with exactly the same configuration on
both machines:

  - Allow all outgoing connections
  - Allow *some* incoming connections
  - Block everything else

The ``/etc/pf.conf'' file can be found at:

http://people.freebsd.org/~keramida/files/pf.conf

This and the Handbook chapter about PF will give a good head start :)

- Giorgos
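
The three-part policy described in the message, written out as a minimal PF ruleset. This is an added example, not the file linked above and not the poster's own configuration; the interface name tun0 (user-ppp dial-up) and the choice of SSH as the only inbound service are assumptions.

```conf
# /etc/pf.conf -- constructed example for a stand-alone dial-up host.
# Not the file linked in the message; names and ports are assumptions.

ext_if = "tun0"      # assumption: ppp(8) dial-up link comes up as tun0
tcp_in = "{ 22 }"    # assumption: SSH is the only service offered inbound

# Silently drop blocked packets instead of answering with RST/ICMP,
# so scanners learn nothing from a closed port.
set block-policy drop

# Reassemble fragments and normalise inbound packets before filtering.
scrub in all

# --- Block everything else ---------------------------------------------
# PF uses the LAST matching rule, so the default deny goes first and the
# pass rules below override it for the traffic we want.
block in log all
block out all

# Loopback traffic is never filtered.
pass quick on lo0 all

# --- Allow all outgoing connections ------------------------------------
# "keep state" is written explicitly: older PF versions do not imply it.
# The state entry is what lets reply packets back in past "block in".
pass out on $ext_if proto tcp all flags S/SA keep state
pass out on $ext_if proto { udp, icmp } all keep state

# --- Allow *some* incoming connections ---------------------------------
# ($ext_if) in parentheses tracks the interface address dynamically,
# which matters on dial-up where the address changes per connection.
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_in \
    flags S/SA keep state
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` lists the rules that are active after a real load. Dropped inbound packets matched by the `block in log` rule appear on the pflog0 interface, which is where the scanner traffic mentioned in the message can be observed.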