Date: Fri, 22 Mar 2002 19:40:19 -0500 (EST)
From: Kenneth Culver
To: Cliff Sarginson
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw rules (was: Re: Advocacy help for CS professor)
In-Reply-To: <20020323003356.GQ4940@raggedclown.net>
Message-ID: <20020322193812.K792-100000@alpha.yumyumyum.org>

> I know, but every firewall I have ever made has not worked. I think I
> have a blind spot. Seriously I have firewall scripts coming out of my
> ears, I have almost begged Crist Clark to write a book on it. But every
> firewall I have built just does not work. And as I have loudly let it be
> known, I have been cracked. My firewalls either let villains in, or keep
> me out. I read all the books :)

This is just my opinion, but if you haven't tried ipfilter, you should... I
have a VERY simple ipfilter/ipnat configuration that keeps out all incoming
traffic except ssh and email, and does stateful firewalling as well to allow
my natted computers to connect through the firewall, and I have yet to have
any problems. This isn't to say that I never will, but I've been running it
this way for nearly a year now and never had a problem.

Ken
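
An added illustration of the kind of ipfilter/ipnat setup the message above describes (default-deny inbound except ssh and email, stateful outbound, NAT for internal hosts). It is not Ken's configuration, which the post does not show; the interface names `fxp0` (external) and `fxp1` (internal) and the `192.168.1.0/24` internal network are assumptions.

```conf
# ---- /etc/ipf.rules (example; interface names and subnet are assumed) ----
# ipfilter uses the LAST matching rule unless a rule says "quick",
# so every pass rule below is "quick" and the blocks act as the default.

# Loopback and the internal (assumed fxp1) side are unfiltered.
pass in  quick on lo0 all
pass out quick on lo0 all
pass in  quick on fxp1 all
pass out quick on fxp1 all

# Inbound on the external interface: only new ssh (22) and SMTP (25)
# connections. "flags S" matches the initial SYN; "keep state" lets the
# rest of that connection through without further rules.
pass in quick on fxp0 proto tcp from any to any port = 22 flags S keep state
pass in quick on fxp0 proto tcp from any to any port = 25 flags S keep state

# Outbound on the external interface: allow and track everything the
# firewall and the NATed hosts initiate; replies match the state table.
pass out quick on fxp0 proto tcp  from any to any flags S keep state
pass out quick on fxp0 proto udp  from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state

# Anything on fxp0 that did not match above or an existing state entry.
block in  on fxp0 all
block out on fxp0 all

# ---- /etc/ipnat.rules (example) ----
# Rewrite internal source addresses to fxp0's own address (0/32).
# The portmap line handles tcp/udp; the second line covers other protocols.
map fxp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map fxp0 192.168.1.0/24 -> 0/32

# Load with:  ipf -Fa -f /etc/ipf.rules   and   ipnat -CF -f /etc/ipnat.rules
```

Running `ipfstat -hio` after loading shows per-rule hit counts, which makes it easy to confirm that unsolicited inbound traffic is landing on the final block rule rather than on one of the pass rules.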