From owner-freebsd-hackers Tue Mar 6 7: 7:28 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from gekko.i-clue.de (server.ms-agentur.de [62.153.134.194]) by hub.freebsd.org (Postfix) with ESMTP id 2225237B71A; Tue, 6 Mar 2001 07:07:18 -0800 (PST) (envelope-from so@server.i-clue.de)
Received: from i-clue.de (automatix.i-clue.de [192.168.0.112]) by gekko.i-clue.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id RAA10529; Tue, 6 Mar 2001 17:13:26 +0100
Message-ID: <3AA4FD63.7870ED63@i-clue.de>
Date: Tue, 06 Mar 2001 16:08:19 +0100
From: Christoph Sold
Reply-To: so@server.i-clue.de
X-Mailer: Mozilla 4.75 [de] (WinNT; U)
X-Accept-Language: de
MIME-Version: 1.0
Followup-To: questions@freebsd.org
To: jett tayer , questions@freebsd.org
Cc: freebsd-hackers@freebsd.org
Subject: Re: anybody pls help im a newbie
References: <003201c0a635$df28bb80$1e4bb0cb@martian>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[Moved from -hackers to -questions, Followup is set.]

> jett tayer wrote:
>
> i want to protect my freebsd box from the outside.
> anyone who can help? any sample configs about
> ipfw or ipf. which do u guys prefer of the two?
>
> my box is running:
> named
> apache
> qmail
> popper

You may use /stand/sysinstall during installation to enable a firewall
with open, medium, or secure policy.

If you already installed FreeBSD, have a look at /etc/defaults/rc.conf.
It lists the following settings:

------
firewall_enable="NO"            # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="UNKNOWN"         # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"             # Set to YES to suppress rule display
firewall_logging="NO"           # Set to YES to enable events logging
firewall_flags=""               # Flags passed to ipfw when type is a file
------

The above-mentioned rc.firewall script lists

------
############
# Define the firewall type in /etc/rc.conf. Valid values are:
#   open     - will allow anyone in
#   client   - will try to protect just this machine
#   simple   - will try to protect a whole network
#   closed   - totally disables IP services except via lo0 interface
#   UNKNOWN  - disables the loading of firewall rules.
#   filename - will load the rules in the given filename (full path required)
#
# For ``client'' and ``simple'' the entries below should be customized
# appropriately.

############
#
# If you don't know enough about packet filtering, we suggest that you
# take time to read this book:
#
#       Building Internet Firewalls
#       Brent Chapman and Elizabeth Zwicky
#
#       O'Reilly & Associates, Inc
#       ISBN 1-56592-124-0
#       http://www.ora.com/
------

client and simple are default firewalls. For everything else you'll need
to read the above-mentioned book (~850p.) or to hire an expert, because
there is no such thing as a universal firewall.

HTH
-Christoph Sold
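An added example, not part of the original message or of FreeBSD's own scripts: a small sh function that reports which of the policies described above a set of rc.conf-style files selects, reading them in order so that a local file overrides the defaults file. The function name fw_posture, its output labels and the sample files are assumptions made here; the files are sourced as sh, so point it only at rc.conf files you trust.

```shell
#!/bin/sh
# Classify the firewall posture implied by rc.conf-style files.
# Later files override earlier ones (e.g. defaults first, then rc.conf).
fw_posture() {
    (   # subshell: sourced variables do not leak into the caller
        firewall_enable="NO"      # defaults as quoted in the message
        firewall_type="UNKNOWN"
        for f in "$@"; do
            # rc.conf files are plain sh variable assignments.
            if [ -r "$f" ]; then . "$f"; fi
        done
        case "$firewall_enable" in
            [Yy][Ee][Ss]) ;;
            *) echo "off: firewall_enable is not YES"; exit 0 ;;
        esac
        # Type names are matched case-insensitively here (a choice of this example).
        case "$firewall_type" in
            [Oo][Pp][Ee][Nn])
                echo "open: allows anyone in" ;;
            [Cc][Ll][Ii][Ee][Nn][Tt])
                echo "client: protects this machine; customize the script entries" ;;
            [Ss][Ii][Mm][Pp][Ll][Ee])
                echo "simple: protects a whole network; customize the script entries" ;;
            [Cc][Ll][Oo][Ss][Ee][Dd])
                echo "closed: IP services disabled except via lo0" ;;
            UNKNOWN|"")
                echo "unloaded: loading of firewall rules is disabled" ;;
            /*) # a rules file; the full path is required
                if [ -r "$firewall_type" ]; then
                    echo "file: rules loaded from $firewall_type"
                else
                    echo "invalid: rules file $firewall_type is not readable"
                fi ;;
            *)
                echo "invalid: '$firewall_type' is neither a known type nor a full path" ;;
        esac
    )
}

# Constructed sample input: a defaults file and a local override.
demo_dir=$(mktemp -d)
printf 'firewall_enable="NO"\nfirewall_type="UNKNOWN"\n' > "$demo_dir/defaults.conf"
printf 'firewall_enable="YES"\nfirewall_type="open"\n' > "$demo_dir/rc.conf"
fw_posture "$demo_dir/defaults.conf" "$demo_dir/rc.conf"
rm -rf "$demo_dir"
```

On a real system the arguments would be /etc/defaults/rc.conf followed by /etc/rc.conf.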