From owner-freebsd-security  Mon Apr 29 18:09:48 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id SAA27946
          for security-outgoing; Mon, 29 Apr 1996 18:09:48 -0700 (PDT)
Received: from psychotic.communica.com.au (gw.communica.com.au [203.8.94.161])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id SAA27934
          for <freebsd-security@freebsd.org>; Mon, 29 Apr 1996 18:09:38 -0700 (PDT)
Received: from communica.com.au (newton@frenzy [192.82.222.1]) by psychotic.communica.com.au (8.6.12/8.6.9) with SMTP id KAA04487; Tue, 30 Apr 1996 10:37:21 +0930
Received: by communica.com.au (4.1/SMI-4.1)
	id AA15421; Tue, 30 Apr 96 10:39:12 CST
From: newton@communica.com.au (Mark Newton)
Message-Id: <9604300109.AA15421@communica.com.au>
Subject: Re: FreeBSD & firewalls
To: kristyn@gnu.ai.mit.edu (Kristyn Fayette)
Date: Tue, 30 Apr 1996 10:39:11 +0930 (CST)
Cc: freebsd-security@freebsd.org
In-Reply-To: <199604292259.SAA07646@spiff.gnu.ai.mit.edu> from "Kristyn Fayette" at Apr 29, 96 06:58:42 pm
X-Mailer: ELM [version 2.4 PL21]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Kristyn Fayette wrote:

 >   I'm getting ready to set up a firewall and I was wondering if anyone can
 > give me some suggestions.  Currently, I've got a firewall running on an Indy.
 > It's using the internet firewall toolkit.  Now I'm about to replace that
 > machine with a FreeBSD system.  Should I keep that toolkit, or should I use
 > the ipfw program that comes with 2.1?

Point 1:  Stick with what you know.  If you're using TIS now, keep using
  TIS.

Point 2:  Be aware that a single computer doesn't make a very good 
  firewall!  Simply plonking a UNIX box onto the network between you and
  your ISP is not going to deliver anywhere near what *I* would consider
  acceptable security (what you would consider acceptable may legitimately
  differ, though)

Just my (professional) opinion...

     - mark

---
Mark Newton                               Email: newton@communica.com.au
Systems Engineer                          Phone: +61-8-373-2523
Communica Systems                         WWW:   http://www.communica.com.au