Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 06 Mar 2001 16:08:19 +0100
From:      Christoph Sold <so@server.i-clue.de>
To:        jett tayer <webby@bsdi.dhs.org>, questions@freebsd.org
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: anybody pls help im a newbie
Message-ID:  <3AA4FD63.7870ED63@i-clue.de>
References:  <003201c0a635$df28bb80$1e4bb0cb@martian>

next in thread | previous in thread | raw e-mail | index | archive | help
[Moved from -hackers to -questions, Followup is set.]

> jett tayer schrieb:
> 
> i want to protect my freebsd box from the outside.
> anyone who can help? any sample configs about
> ipfw or ipf. which do u guys prefer of the two?
> 
> my box is running:
> named
> apache
> qmail
> popper

You may use /stand/sysinstall during installation to enable a firewall
with open, medium, or secure policy. If you already installed FreeBSD,
have a look at /etc/defaults/rc.conf. It lists the following settings:
---<snip>---
firewall_enable="NO"            # Set to YES to enable firewall
functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the
firewall
firewall_type="UNKNOWN"         # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"             # Set to YES to suppress rule display
firewall_logging="NO"           # Set to YES to enable events logging
firewall_flags=""               # Flags passed to ipfw when type is a
file
---</snip>---
the above mentioned rc.firewall script lists
---<snip>---
############
# Define the firewall type in /etc/rc.conf.  Valid values are:
#   open     - will allow anyone in
#   client   - will try to protect just this machine
#   simple   - will try to protect a whole network
#   closed   - totally disables IP services except via lo0 interface
#   UNKNOWN  - disables the loading of firewall rules.
#   filename - will load the rules in the given filename (full path
required)
#
# For ``client'' and ``simple'' the entries below should be customized
# appropriately.

############
#
# If you don't know enough about packet filtering, we suggest that you
# take time to read this book:
#
#       Building Internet Firewalls
#       Brent Chapman and Elizabeth Zwicky
#
#       O'Reilly & Associates, Inc
#       ISBN 1-56592-124-0
#       http://www.ora.com/
---</snip>---

client and simple are default firewalls. For everything else you'll need
to read the above mentioned book (~850p.) or to hire an expert, cause
there is no such thing than an universal firewall.

HTH
-Christoph Sold

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AA4FD63.7870ED63>