From owner-freebsd-questions  Thu Sep 28 17:41: 1 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from glitch.crosswinds.net (glitch.crosswinds.net [209.208.163.35])
	by hub.freebsd.org (Postfix) with ESMTP id 236F937B422
	for <questions@freebsd.org>; Thu, 28 Sep 2000 17:40:55 -0700 (PDT)
Received: from lexx.my.domain (dyn11-ras17.screaming.net [212.49.240.11])
	by glitch.crosswinds.net (8.9.3/8.9.3) with SMTP id UAA59843;
	Thu, 28 Sep 2000 20:40:50 -0400 (EDT)
	(envelope-from john253@crosswinds.net)
From: John Murphy <john253@crosswinds.net>
To: "Dana" <akadanak@kc.rr.com>
Cc: questions@freebsd.org
Subject: Re: Firewalls
Date: Fri, 29 Sep 2000 01:40:24 +0100
Organization: The Organisation
Reply-To: john253@crosswinds.net
Message-ID: <qgo7ts4t7irod67epu17qtstfjb3r19r56@4ax.com>
References: <4.2.0.58.20000928002752.009d2420@mail-hub.optonline.net> <5.0.0.25.2.20000928101650.038e6350@mail.imag.net> <043101c02972$d75bc4a0$449aa318@kc.rr.com>
In-Reply-To: <043101c02972$d75bc4a0$449aa318@kc.rr.com>
X-Mailer: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

"Dana" <akadanak@kc.rr.com> wrote:

>I can't find any firewalls in the ports directories. What=20
>firewalls are people using with freeBSD?
>
One of the minor features of FreeBSD is that firewall functions are
built in, and enabled with just a few options.  If you are connecting
using the point to point protocol (PPP) then user ppp has a configurable
firewall built in.  Type 'man ppp' for one of the best 'man' pages I've =
seen.
Or: =
http://www.google.com/bsd?q=3Dppp+firewall&num=3D100&site=3Dsearch&restri=
ct=3Dbsd&hl=3Den&safe=3Doff&btnG=3DGoogle+Search=20
=46or larger networks, a choice of ipfw or ipfilter is easily =
configurable by the
addition of a few lines in a custom kernel.  Deciding what rules you need=
 and
implementing them is neo-exciting.

Charlie Schloemer mentioned the bpf (Berkeley Packet Filter).  I think =
this is
not necessary unless you need to snoop your network with tcpdump etc. I =
think
there are security reasons for not enabling bpf.  Especially for a =
firewall box.

HTH
John.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message