Date:      Thu, 4 Apr 2002 20:01:45 +1200 (NZST)
From:      Andrew McNaughton <andrew@scoop.co.nz>
To:        freebsd-security@FreeBSD.ORG
Subject:   Mason equivalent for ipfw or ipf?
Message-ID:  <20020404195513.A32036-100000@a2>
In-Reply-To: <20020404093230.C2932-100000@phoenix.vh.laserfence.net>


In a recent job we used Debian machines and I discovered a tool called
Mason which works with ipchains to monitor what sort of traffic is on the
network and create a large set of rules representing different kinds of
traffic.  The user can then come back and adjust these rules to accept,
deny or reject various sorts of traffic as required.

This still leaves quite a bit of cleaning up to do, and doesn't lead to an
adequately methodical approach, but it has a place where the administrator
is not clear enough on what's happening on the network to easily create a
firewall without interrupting important services.

Has anyone developed something similar for adaptive rule generation for
any of the FreeBSD firewall options?

Andrew McNaughton


On Thu, 4 Apr 2002, Willie Viljoen wrote:

> Date: Thu, 4 Apr 2002 09:37:43 +0200 (SAST)
> From: Willie Viljoen <will@laserfence.net>
> To: kjhd kjsdfhk <juostaus@yahoo.com>
> Cc: freebsd-security@FreeBSD.ORG
> Subject: Re: linksys 8 port router and ipfw
>
> To be quite honest, I would remove the router and connect the FreeBSD box
> directly to the LAN. Then I would simply make the FreeBSD box act as a
> router between the LAN and the cable interface... as for firewall rules,
> here is something you might consider: (this assumes 10.0.0.0/24 is your
> LAN)
>
> add divert natd all from 10.0.0.0/255.255.255.0 to ! 10.0.0.0/255.255.255.0  via xl1
> add check-state
> add allow tcp from any to any <ports-open-to-outside> setup keep-state in
> add allow udp from any  to any <ports-open-to-outside> keep-state in
> add allow all from 10.0.0.0/255.255.255.0 to any
>
> The syntax there might be slightly off... I've been playing around with
> linux iptables recently, which has weird syntax and somehow sticks in my
> memory... but you get the idea :)
>
> Will
>
> On Wed, 3 Apr 2002, kjhd kjsdfhk wrote:
>
> >
> >
> >         thanks in advance. i have 8 windows clients behind a linksys router (befsr81 with
> >      updated firmware) on a hub that links to a freebsd box (4.5 release) running natd and
> >      connected to the net via cable; no dhcp anywhere. i can make it work, BUT, i am unsure of
> >      how well i have done it and how well it is protected. i have omitted the more mundane lo0
> >      and spoofing entries for brevity. xl0 is internal interface.
> >
> >      ipfw rules
> >
> >          add divert natd all from any to any via xl1
> >          add check-state
> >          add allow tcp from "the-router" to any 22 in setup keep-state
> >          add deny tcp from any to any 22
> >          add allow all from "the-router" to any keep-state
> >          add allow all from any to any out
> >          default to deny
> >
> >      #1 how can i change this so it doesn't suck and so that i can browse and ftp from
> >      bsd box?
> >
> >      #2 see below, not as important as #1 but i didn't want to cross-post to questions.
> >
> >
> >      ***side note*** the strange thing about router. ssh works until i use the router.
> >      i googled and found other people that said to change the mtu on the nic and router,
> >      didn't work. the router only breaks ssh, (it is in /etc/hosts) you can still browse
> >      and ftp. remove the router and all works, without any other changes. i cheated and
> >      changed my sshd_config to listen on all interfaces and it will work through the
> >      router; not working on xl0 only xl1. i don't think this is, however, the best answer.
> >
> >      again, i thank you all for any time and help.
> >
> >
> >
> >
>
> --
> Willie Viljoen
> Private IT Consultant
>
> 214 Paul Kruger Avenue
> Universitas
> Bloemfontein
> 9321
>
> South Africa
>
> +27 51 522 15 60, a/h +27 51 522 44 36
> +27 82 404 03 27
>
> will@laserfence.net
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


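The Mason-style workflow Andrew asks about, sketched for ipfw as an added example (not code from the thread or from Mason): log lines are aggregated into traffic classes and each class becomes a candidate stateful rule for the administrator to review. It assumes the FreeBSD 4.x ipfw syslog line format, the 10.0.0.0/24 LAN from the quoted reply, xl1 as the outside interface, and a constructed sample log.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Shape of FreeBSD 4.x ipfw syslog lines for TCP/UDP; ICMP lines
# (proto "ICMP:type.code", no ports) are deliberately not matched.
LOG_RE = re.compile(
    r"ipfw: \d+ \w+ (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)"
)
LAN = ip_network("10.0.0.0/24")  # assumed LAN, as in the quoted reply

# Constructed sample log: two web fetches and a DNS lookup from the LAN,
# one inbound ssh attempt, and one ICMP echo that the parser skips.
SAMPLE_LOG = """\
Apr  4 19:55:13 gw /kernel: ipfw: 65000 Deny TCP 10.0.0.5:1034 192.0.2.10:80 out via xl1
Apr  4 19:55:14 gw /kernel: ipfw: 65000 Deny TCP 10.0.0.7:1035 192.0.2.11:80 out via xl1
Apr  4 19:55:20 gw /kernel: ipfw: 65000 Deny UDP 10.0.0.5:1036 192.0.2.53:53 out via xl1
Apr  4 19:56:02 gw /kernel: ipfw: 65000 Deny TCP 198.51.100.9:40000 203.0.113.2:22 in via xl1
Apr  4 19:56:05 gw /kernel: ipfw: 65000 Deny ICMP:8.0 198.51.100.9 203.0.113.2 in via xl1
"""

def parse_flows(lines):
    """Count traffic classes (proto, direction, iface, src_net, dport)."""
    flows = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a TCP/UDP ipfw line; left for manual review
        src_net = str(LAN) if ip_address(m["src"]) in LAN else "any"
        key = (m["proto"].lower(), m["dir"], m["iface"], src_net, int(m["dport"]))
        flows[key] += 1
    return flows

def generate_rules(flows, min_hits=1):
    """One candidate allow rule per class, most-seen first, then a logged default
    deny. Each line is a proposal for the administrator to keep, flip to deny or
    reject, or tighten; nothing is loaded into the kernel automatically."""
    rules = []
    for (proto, direction, iface, src_net, dport), hits in sorted(
            flows.items(), key=lambda kv: (-kv[1], kv[0])):
        if hits < min_hits:
            continue
        # TCP flows are keyed on the SYN ("setup"); UDP has no handshake.
        state = "setup keep-state" if proto == "tcp" else "keep-state"
        rules.append(f"add allow {proto} from {src_net} to any {dport} "
                     f"{state} {direction} via {iface}")
    rules.append("add deny log all from any to any")
    return rules
```

Calling `generate_rules(parse_flows(SAMPLE_LOG.splitlines()))` yields three allow candidates (web and DNS out, ssh in) followed by the logged default deny; raising `min_hits` drops the one-off classes so they stay blocked and logged until someone decides about them.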




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020404195513.A32036-100000>