From: Melvyn Sopacua
Organization: WebTeckies.org
To: fbsd_user@a1poweruser.com, "freebsd-questions@FreeBSD. ORG"
Cc: jez.hancock@munk.nu, listone@deathbeforedecaf.net
Date: Wed, 3 Dec 2003 22:19:02 +0100
Subject: Re: network security sysctl mib's
Message-Id: <200312032219.02710.freebsd-questions@webteckies.org>

On Tuesday 02 December 2003 18:29, fbsd_user wrote:

> Thank you for responding with pointers to where I
> can find some very limited documented info on the
> MIB's I asked about.

You're welcome.

> The only conclusion one can draw from the test results is that
> IPFILTER gets access to the packets before the log_in_vain Mib
> does.
> To extrapolate on this, it would indicate the other network
> security Mibs I pointed out in my original post are in the same boat
> as log_in_vain.

I haven't looked at specifics, but this sounds logical to me. MIB's control or
inform about system states. A firewall's task is to prevent stuff from
entering the system.

> The remaining question then is does the IPFW firewall work the same
> way. If it does then all those network security Mib's only have
> effect on FBSD systems that are not running a firewall.

Not necessarily. You blocked all traffic, so the system does not register the
specific event you're looking at. Did you try just enabling the firewall but
setting an "allow all" rule?

> It's my opinion that in today's world of such emphasis on network
> security that a clear understanding of these MIB's is absolutely
> necessary, indispensable, requisite information that has to be
> disseminated to the FBSD community and not buried in some obscure,
> very hard to find place like it currently is.

Documentation on many MIB's is hard to find indeed. Maybe you should join the
documentation team to help out - but - in this specific case, the 2 (ipfw2
on -CURRENT makes 3 even) firewall implementations are well documented and
should instead be used if one is concerned about security, because they can
log and handle anything *before* it enters the system.

> Here is the documentation I created in the sysctl.conf file. What do
> you think about it?

I would have to look at specifics and I think security@freebsd.org would be a
more appropriate place to get some definitive answers.
-- 
Melvyn

=======================================================
FreeBSD sarevok.idg.nl 5.2-BETA FreeBSD 5.2-BETA #0: Wed Dec 3 20:13:44 CET
2003 root@sarevok.webteckies.org:/usr/obj/usr/src/sys/SAREVOK_NOACPI
i386
=======================================================