Date: Tue, 25 Nov 2003 19:58:20 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Real Cucumber <monkcucumber@yahoo.com> Cc: freebsd-questions@freebsd.org Subject: Re: Questions on Setting up new Freebsd 4.9 NAT Firewall Message-ID: <20031125195820.GC87337@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <20031125192439.71522.qmail@web40705.mail.yahoo.com> References: <20031125192439.71522.qmail@web40705.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Tue, Nov 25, 2003 at 11:24:39AM -0800, Real Cucumber wrote:
> Does anyone know if FreeBSD 4.9 can withstand various attacks such as DoS straight out of the box, or does it require any 3rd party stateful packet firewalls etc.. to be installed?
Both of the built-in firewall packet filters (ipfw(8) and ipf(8))
feature stateful rulesets. These can protect you against certain
types of DoS attacks. Which one you choose is entirely a matter of
preference at this sort of level.
A well configured FreeBSD box is a very good choice for a firewall
system. Plus if you confine the box to doing NAT+packet filtering,
you don't need much in the way of horsepower at all to cope with the
sort of traffic levels you can get on a cable modem connection. An
old pentium with a couple of good NICs should be able to cope.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQE/w7RcdtESqEQa7a0RAmyuAJ9CbZXi+AdGF4K1PjHE6lqfuBDrPACeKm8F
PtDDmEipoDOsxiow0WasM90=
=M5kH
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031125195820.GC87337>