Date: Wed, 3 Oct 2001 21:12:43 +0200
From: "Alfatrion" <alfatrion@cybertron.tmfweb.nl>
To: "Sudirman Hassan" <s9810048@mmu.edu.my>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: FreeFirewall
Message-ID: <001901c14c3f$63e3ab00$231fa8c0@kruijff>
References: <3727.10.100.98.133.1002129202.squirrel@10.100.3.5>

> The idea is that :
> 1. Sys admin using webbased interface to manage the firewall - remotely using
> browser. Can do configuration of firewall policy, rule via web. See log file.
> for firewall - i might be using ip filter.
> 2. have option for ssh for those who like to tinkering by hand.

Your two basic options are to use either 'ipfw' or 'ipf'. Ipf is more advanced
than ipfw when it comes to firewall rules and it is closer to the kernel, thus
may be a bit faster. Ipfw on the other hand has a traffic shaper.

Changing this via ssh should be easy, but holds the danger of locking yourself
out because of a wrong set of new firewall rules. So it should not be done if
one cannot physically access the machine. (think of LAN)

> 3. sharing connection with pc in LAN - ( i think suitable for small and medium
> size company ) - NAT i guess doing all this

For this you might also have two options: natd or natd through ppp.

> 4. dhcp
> 5. caching for faster and saving bandwidth - might be using Squid.

This does call for a fast machine. If you have a machine like I do (Cyrix 5x86)
it would not be prudent.

> 6. filtering - might using squidGuard.
> 7. intrusion detection - snort or something like that.

Syslog might be what you are looking for.

> 8. upgrade etc.

You can use cvs to update your source files and so use as little traffic as
possible. Then do a make buildworld to rebuild your OS while still allowing
access to the internet. (nice might be added to let other processes go first,
thus there is as little as possible visible of something going on.) Then go
into single mode and do a make installworld. You can read the handbook
available on www.freebsd.org.

> 9. Setting that improve security
>
> All of the above will be done in a way that can be use/configure/tinker via
> web. To make it related to FreeBSD, I name it "FreeFirewall" :) You might have
> guess it. :P

Security is a must.

>
> I like to mail personally to those who volunteer to help personally
> rather flooding this mailing list.

One of the ways people learn from this group is by just reading. Also others
may correct or add information on the basis of what is given to you.

Regards,
Alex
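
The lockout risk the reply describes for rule changes made over ssh is usually handled by arming an automatic rollback before the new rules go live. The following is an added example, not part of the original message: the function name, the confirm-file mechanism and the file paths in the usage comment are assumptions, and the apply and rollback commands are passed in as arguments.

```shell
#!/bin/sh
# Added example: apply a new firewall ruleset with automatic rollback.
# Assumed usage on the firewall host (paths are hypothetical), as root:
#   safe_apply "ipf -Fa -f /etc/ipf.rules.new" "ipf -Fa -f /etc/ipf.rules" \
#              /var/run/fw.confirm 60
# Then, from a NEW ssh session (proof that access still works):
#   touch /var/run/fw.confirm

# safe_apply APPLY_CMD ROLLBACK_CMD CONFIRM_FILE TIMEOUT_SECONDS
# Returns 0 if the new rules were confirmed, 1 if they were rolled back,
# 2 if the apply command itself failed (the rollback is run then as well).
safe_apply() {
    apply_cmd=$1 rollback_cmd=$2 confirm_file=$3 timeout=$4

    # If the new rules cut the ssh session, the shell receives SIGHUP.
    # Ignore it so the rollback below still runs.
    trap '' HUP

    # A stale confirm file would defeat the safety net.
    rm -f "$confirm_file"

    if ! sh -c "$apply_cmd"; then
        sh -c "$rollback_cmd"
        return 2
    fi

    # Poll once per second for the confirmation marker.
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm_file" ]; then
            rm -f "$confirm_file"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # No confirmation arrived: assume the admin is locked out and restore.
    sh -c "$rollback_cmd"
    return 1
}
```

Confirming from a fresh connection rather than the existing one matters, because an already established session can survive a ruleset that blocks new connections.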