From owner-freebsd-questions@FreeBSD.ORG Thu Aug 2 18:19:51 2007 Return-Path: Delivered-To: freebsd-questions@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BA37B16A41A for ; Thu, 2 Aug 2007 18:19:51 +0000 (UTC) (envelope-from mats@c83-250-138-187.bredband.comhem.se) Received: from ch-smtp02.sth.basefarm.net (ch-smtp02.sth.basefarm.net [80.76.149.213]) by mx1.freebsd.org (Postfix) with ESMTP id 7B22F13C478 for ; Thu, 2 Aug 2007 18:19:51 +0000 (UTC) (envelope-from mats@c83-250-138-187.bredband.comhem.se) Received: from [83.251.118.254] (port=62516 helo=cyborg.valhall) by ch-smtp02.sth.basefarm.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.66) (envelope-from ) id 1IGfH2-0003tX-7w for freebsd-questions@FreeBSD.org; Thu, 02 Aug 2007 20:19:50 +0200 Received: from cyborg.valhall (localhost [127.0.0.1]) by cyborg.valhall (8.13.8/8.13.3) with ESMTP id l72IJ1u2000914 for ; Thu, 2 Aug 2007 20:19:01 +0200 (CEST) Received: (from mats@localhost) by cyborg.valhall (8.13.8/8.13.8/Submit) id l72IJ0Zf000913 for freebsd-questions@FreeBSD.org; Thu, 2 Aug 2007 20:19:00 +0200 (CEST) (envelope-from mats) Date: Thu, 2 Aug 2007 20:19:00 +0200 From: z999 To: freebsd-questions@FreeBSD.org Message-ID: <20070802181900.GA856@cyborg.c83-250-138-187.bredband.comhem.se> References: <20070802050950.GA865@cyborg.c83-250-138-187.bredband.comhem.se> <6.2.3.4.2.20070802095934.037a8290@mailsvr.xxiii.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6.2.3.4.2.20070802095934.037a8290@mailsvr.xxiii.com> User-Agent: Mutt/1.4.2.2i X-Originating-IP: 83.251.118.254 X-Scan-Result: No virus found in message 1IGfH2-0003tX-7w. X-Scan-Signature: ch-smtp02.sth.basefarm.net 1IGfH2-0003tX-7w 45ac7f2495cd9192ece95132eeda01f1 Cc: Subject: Re: Firewall question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 18:19:51 -0000 On Thu, Aug 02, 2007 at 10:04:20AM -0400, r17fbsd@xxiii.com wrote: > It might not be as challenging as rolling your own... but have you > considered using one of the ready-to-install BSD firewall/router > packages like m0n0wall ? http://m0n0.ch/wall/ I have thinked about it. I have tried monowall just with firewall router and it's a good choice. The down-thing is that you can't setup the dhcp as freely as I wan to do (e.g. setup the dhcpd for pxeboot for diskless for example). And there is not so much to do to secure the firewall further than the monowall group already have done. > I don't know if it supports the 3rd interface, but it does run on > Soekris hardware. Well, it does. And there is a good description for a dmz also. /Regards