From owner-freebsd-security Tue Apr 13 23:53:14 1999 Delivered-To: freebsd-security@freebsd.org Received: from mailg.telia.com (mailg.telia.com [194.22.194.26]) by hub.freebsd.org (Postfix) with ESMTP id 517D314D85 for ; Tue, 13 Apr 1999 23:53:10 -0700 (PDT) (envelope-from thomas.uhrfelt@plymovent.se) Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241]) by mailg.telia.com (8.8.5/8.8.8) with ESMTP id IAA02990 for ; Wed, 14 Apr 1999 08:50:50 +0200 (CEST) Received: from tu (t3o68p21.telia.com [62.20.139.21]) by d1o68.telia.com (8.8.8/8.8.5) with SMTP id IAA06945 for ; Wed, 14 Apr 1999 08:50:49 +0200 (CEST) Received: by localhost with Microsoft MAPI; Wed, 14 Apr 1999 08:47:19 +0200 Message-ID: <01BE8653.67C58CC0.thomas.uhrfelt@plymovent.se> From: Thomas Uhrfelt Reply-To: "thomas.uhrfelt@plymovent.se" To: "'freebsd-security@freebsd.org'" Subject: Re: IPFilter? Date: Wed, 14 Apr 1999 08:41:36 +0200 Organization: Plymovent AB X-Mailer: Microsoft Internet-e-post/MAPI - 8.0.0.4211 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I already bought the 'Building Internet Firewalls' and its a good book, and I got the theoretic side of building a firewall pretty much nailed down. What I am missing is FreeBSD specific things + IPFilter/NAT things. I am new to the FreeBSD community and can't find any good documentation covering these. Neither is the IPFilter package filled with any "good" newcomer docs. I really think IPFilter and IPNat should be covered in the handbook since its a kernel option nowdays. Do you have any links for good FreeBSD+IPFilter pages? Regards, Thomas Uhrfelt [cut ] Thomas, 1. I recommend buying some books and reading some web pages by gurus (not by some of the vendors!). OReilly's have some good books. try Building Inernet Firewalls by Chapman and Zwicky, or a book by Bellovin and Cheswick (I don't recall the published just now). 2. Yes, don't go for any OS with a history of continuing weaknesses. And perferrably add in some defence in depth, by using choking routers externally and internally. Good luck (but really there is no luck - just use a good scientific approach). Cheers, Gary [ end cut ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message