From owner-freebsd-questions  Fri Sep 21  0: 6:59 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5])
	by hub.freebsd.org (Postfix) with ESMTP id B37C737B401
	for <freebsd-questions@FreeBSD.ORG>; Fri, 21 Sep 2001 00:06:54 -0700 (PDT)
Received: from hades.hell.gr (patr530-b036.otenet.gr [195.167.121.164])
	by mailsrv.otenet.gr (8.11.5/8.11.5) with ESMTP id f8L76jS03504;
	Fri, 21 Sep 2001 10:06:45 +0300 (EEST)
Received: (from charon@localhost)
	by hades.hell.gr (8.11.6/8.11.6) id f8L5xOG43966;
	Fri, 21 Sep 2001 08:59:24 +0300 (EEST)
	(envelope-from charon@labs.gr)
Date: Fri, 21 Sep 2001 08:59:23 +0300
From: Giorgos Keramidas <charon@labs.gr>
To: Oscar Castaneda <oscarcvt@hotmail.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: workstation firewall, how secure is it?
Message-ID: <20010921085923.A41393@hades.hell.gr>
References: <F1584HGXAwxXSXI3acH00000261@hotmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <F1584HGXAwxXSXI3acH00000261@hotmail.com>
User-Agent: Mutt/1.3.22.1i
X-GPG-Fingerprint: C1EB 0653 DB8B A557 3829  00F9 D60F 941A 3186 03B6
X-URL: http://labs.gr/~charon/
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Oscar Castaneda <oscarcvt@hotmail.com> wrote:
> 
> I have freebsd installed, and im considering configuring it as a firewall 
> using ipf and ipnat. However I dont want too many tradeoffs in functionality 
> 
> and usability (X for example). Still i wonder how secure a solution this is. 
> 
> ??

Without describing the 'solution' in more detail, it's hard to guess.

> Does anyone have any recomendations?  unfortunately i don't have a spare pc 
> i can use, all i have is my current (functional thank god) workstation...
> are there any howto's or guides for carrying this out on a pc workstation i 
> will be using ALL day?

I'm writing this message on a machine that runs FreeBSD (only).

The same machine runs X11 when I feel like writing something that needs a bit
more colour than the console can provide (such as SGML in XEmacs), and it also
uses ipfilter to filter incoming and outgoing traffic when I'm connected to
the net.

The samples of ipfilter in /usr/src/contrib/ipfilter/samples were what I
started to read when I was trying to build my own set of rules for this
firewall.  Guides and tutorials at www.freebsd.org, www.freebsddiary.org and
www.daemonnews.org also helped a lot.

To make a long story short.  Yes, what you're asking, can be done.

-giorgos

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message