Date: Sat, 4 Jul 1998 23:28:47 -0700
From: "Michael P. Sale" <mike@merchantsnet.com>
To: <junkmale@xtra.co.nz>, <freebsd-newbies@FreeBSD.ORG>
Subject: Re: using IPFW as a firewall
Message-ID: <01bda7de$2ad93c20$4706bccc@708644668>
Dan,

Neat stuff. Building a "real" firewall is an art form that few people ever gain enough skill to do correctly. It should provide you with a fun challenge at the least.

I've never set anything up on a Unix box, so I'm not too sure about the specifics of such an operation. I have, however, set up a few "screens" on routers in the past few years. (We never called them firewalls because I've never believed that a router should or could be a *true* firewall.)

After figuring out what we wanted to let through (IP addresses, smtp, ftp, etc...) we would build a wall. I.e. Disallow all. From there you can start poking holes in the wall, testing each "hole" as you go. I.e. allow ftp on xx port to this address only. This seems to prevent the "oh heck, now this doesn't work" problems too, because nothing works until you allow it to.

It always seemed to work well for me to do things in this setup and test methodology, but everyone is different. Again, I'm not sure how much IPFW will allow here, so I'm not sure if this will work for you or not.

Things you generally allow are telnet, ftp, and smtp (mail) on their specific ports.

Sorry I can't provide specifics on UNIX systems. As you press ahead with the project, I would be interested to see some posts on the outcome.

Good Luck!

Mike
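The "disallow all, then poke and test one hole at a time" method described in the message, sketched as an ipfw script. This is an added example, not part of the original message; the addresses, rule numbers and the build_wall/poke_hole helper names are assumptions, and the script only prints the commands unless IPFW is set to the real binary.

```shell
#!/bin/sh
# Added example: a default-deny ipfw ruleset opened one hole at a time.
# Addresses are constructed (RFC 5737 documentation range). By default this
# is a dry run that prints each command; set IPFW=/sbin/ipfw to apply them.
IPFW="${IPFW:-echo ipfw}"
MAIL_HOST="192.0.2.25"   # hypothetical SMTP server
FTP_HOST="192.0.2.21"    # hypothetical FTP server

# Build the wall first: after this, nothing new gets through.
build_wall() {
    $IPFW -f flush
    # Local loopback traffic is not what the wall is for.
    $IPFW add 100 allow ip from any to any via lo0
    # Replies on TCP sessions that a later hole admitted; without this rule
    # an opened port still appears broken because return packets are dropped.
    $IPFW add 200 allow tcp from any to any established
    # The wall itself: explicit and logged, so blocked tests show up in the log.
    $IPFW add 65000 deny log ip from any to any
}

# poke_hole <rule-number> <host> <port>: one inbound TCP service to one host.
poke_hole() {
    # ipfw stops at the first matching rule, so a hole numbered after the
    # deny rule would never be reached; refuse it rather than add dead weight.
    if [ "$1" -le 200 ] || [ "$1" -ge 65000 ]; then
        echo "rule $1 must be numbered between 200 and 65000" >&2
        return 1
    fi
    # "setup" matches only the opening SYN; rule 200 carries the rest.
    $IPFW add "$1" allow tcp from any to "$2" "$3" setup
    # Show the rule's counters: they should rise when the hole is tested.
    $IPFW show "$1"
}

build_wall
poke_hole 1000 "$MAIL_HOST" 25   # test mail delivery before going on
poke_hole 1100 "$FTP_HOST" 21    # FTP control channel only; data needs its own hole
```

When testing each hole, also try the same port on a different address: the attempt should fail and raise the counter on rule 65000.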
