From owner-freebsd-security  Wed Feb 27  2:28:28 2002
Delivered-To: freebsd-security@freebsd.org
Received: from kumquat.mail.uk.easynet.net (kumquat.mail.uk.easynet.net [195.40.1.42])
	by hub.freebsd.org (Postfix) with ESMTP id D9E5337B41A
	for <freebsd-security@freebsd.org>; Wed, 27 Feb 2002 02:28:25 -0800 (PST)
Received: from magrat.office.easynet.net ([195.40.3.130])
	by kumquat.mail.uk.easynet.net with esmtp (Exim 3.33 #1)
	id 16g1Ji-0007XW-00; Wed, 27 Feb 2002 10:28:10 +0000
Received: by MAGRAT with Internet Mail Service (5.5.2653.19)
	id <16H95AZ5>; Wed, 27 Feb 2002 10:28:10 -0000
Message-ID: <7052044C7D7AD511A20200508B5A9C58516C2E@MAGRAT>
From: Lee Brotherston <lee.brotherston@uk.easynet.net>
To: 'Geert Houben' <sec@hict.nl>, freebsd-security@freebsd.org
Subject: RE: best firewall option for FreeBSD
Date: Wed, 27 Feb 2002 10:28:09 -0000
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

| What firewall software (Opensource) would you advice? Or do I have to
| choose another OS?

Personally I would favour using either ipf (ipfilters) or ipfw.  Both are
compiled into the kernel or can be loaded as modules.  ipfw is probably
easier to use for a newcomer, as the rule ordering is easier to understand,
however ipf has some really good features, especially if you are using nat
(it can do nat in the kernel using ipnat afaik).

The homepage for ipf is http://coombs.anu.edu.au/~avalon/ip-filter.html and
there is a really good tutorial at
http://www.obfuscation.org/ipf/ipf-howto.txt

ipfw doesn't require quite as much explanation, there is a page on
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
which covers it.  Although 'man ipfw' will probably provide most of what you
want.

Hope it helps

  Lee

-- 
Lee Brotherston  -  IP Security Manager, Easynet Ltd
http://www.easynet.net/         Phone: +44 20 7900 4444


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message