Date: Fri, 18 Aug 2000 20:59:52 -0500
From: "David J. Kanter" <david.kanter@mindspring.com>
To: FreeBSD questions <freebsd-questions@freebsd.org>
Subject: To firewall or not to firewall...
Message-ID: <20000818205952.A8313@localhost.localdomain>

...that is the question.

I have a single computer, with no internal network, that will shortly have a DSL connection that uses PPPoE and dynamic IP address assignment. I am a little confused with two things: one, do I need a firewall, and two, how to construct one with a dynamically assigned IP address.

I've read that a firewall isn't really needed for one machine. Some say that ppp filters are better here. Nonetheless, I have turned off inetd and according to nmap these are the ports of concern:

    Port       State       Service
    25/tcp     open        smtp
    53/tcp     open        domain
    111/tcp    open        sunrpc
    515/tcp    open        printer
    6000/tcp   open        X11
    7101/tcp   open        unknown

One question that arises is when to block "in" and/or "out" connections. It's a matter of not knowing where the "in" is coming from and where the "out" is coming from and going to. For instance, I should let "in" connections to port 25, right, but refuse "in" connections to port 6000? If I refuse "out" connections to port 6000 will I then block use of X on my machine?

Perhaps I'm confused with where the firewall "sits." How correct is this schematic:

    127.0.0.1 <---> firewall <---> NIC <---> Gateway <---> Internet

Any help would be appreciated.

-- 
David Kanter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message