From: Darrin Chandler
To: jan gestre
Cc: freebsd-questions@freebsd.org
Date: Sat, 1 Jul 2006 10:03:19 -0700
Subject: Re: pf on freebsd 6.1 on DMZ in m0n0wall question

On Sat, Jul 01, 2006 at 11:46:42PM +0800, jan gestre wrote:
> i recently installed and configured
> (postfix+dovecot+amavisd-new+clamav+dspam+roundcubemail) in my freebsd
> 6.1 box, i placed the box in my dmz protected by m0n0wall, however i have no
> firewall on the mentioned box and i'm relying on m0n0wall to protect it. is
> that ok? i'm new to freebsd and read about pf and i'm having some thoughts
> of installing pf as firewall in my webmailserver but i'm afraid to mess
> things up especially now that the box is already a production server, do i
> really need to install a separate firewall? is it an overkill? if not then
> anybody kind enough to lend a working pf configuration that allows http,
> smtp and ssh, i've read the handbook but don't understand it much
> particularly the firewall thing.

I think you're right not to try this out on your production box. Pf is
nice, and I encourage you to use it, but *please* find a test machine!

Pf works well and it's pretty easy to learn, but you almost certainly
will make mistakes in the beginning. In addition to the fine Handbook,
there's a nice pf faq at www.openbsd.org/faq/pf/ that explains a lot and
has a few ruleset examples.

If you learn your way on a test box it'll be a snap to put it in
production...

-- 
Darrin Chandler            |  Phoenix BSD Users Group
dwchandler@stilyagin.com   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
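
For reference, a minimal default-deny ruleset of the kind the question asks for (inbound ssh, smtp and http only), as an added example that is not part of the original message or taken from the Handbook or the pf FAQ. The interface name `em0` is an assumption, and `keep state` is written out explicitly because the pf shipped with FreeBSD 6.x does not add it by default.

```pf
# /etc/pf.conf: constructed example for a single mail/webmail host in a DMZ

# --- macros ---
ext_if       = "em0"             # assumption: replace with the host's real interface
tcp_services = "{ 22, 25, 80 }"  # ssh, smtp, http, the three services named in the post

# --- options ---
set block-policy drop            # silently drop blocked packets instead of sending RST/ICMP
set skip on lo0                  # do not filter loopback traffic (local daemons talk over lo0)

# --- normalization ---
scrub in all                     # reassemble fragments and sanitize incoming packets

# --- filter rules (last matching rule wins) ---
block in log all                 # default deny inbound; dropped packets go to pflog0

# Let the host itself reach out (DNS lookups, outbound mail delivery, updates)
pass out on $ext_if proto tcp all flags S/SA keep state
pass out on $ext_if proto { udp, icmp } all keep state

# Inbound: only new connections (SYN set, ACK clear) to the listed services
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services \
    flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax mistakes before they can cut off an ssh session. On the test machine the ruleset is then loaded with `pfctl -f /etc/pf.conf` and pf enabled with `pfctl -e`.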