Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 29 Oct 2001 20:43:14 +0200
From:      Giorgos Keramidas <charon@labs.gr>
To:        Ben Witkowski <ben@alohagrowers.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Firewall on 4.4
Message-ID:  <20011029204314.A28658@hades.hell.gr>
In-Reply-To: <DBEEJCFFMKHFOCLJLKFBGEJGCAAA.ben@alohagrowers.com>
References:  <DBEEJCFFMKHFOCLJLKFBGEJGCAAA.ben@alohagrowers.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Mon, Oct 29, 2001 at 12:42:36AM -0800, Ben Witkowski wrote:
> FreeBSD firewall.unitedglobaltrading.com 4.4-STABLE FreeBSD 4.4-STABLE #2:
> Thu Sep 27 18:02:08 PDT 2001
> ben@firewall.unitedglobaltrading.com:/usr/obj/usr/src/sys/FIREWALL  i386
>
> i've installed a primary dns server on the above machine.
>
> the firewall is running "open", as "simple" type doesn't allow tcp
> traffic through..we still don't know why..

To be honest, I don't use rc.firewall's existing firewall types.
When I was trying to enable a firewall in my FreeBSD PC at home,
I tried reading rc.firewall to get an idea of what rules a firewall
should have, the dialup-firewall article from freebsd.org, articles at
www.daemonnews.org and www.freebsddiary.org and tried to make my own
ipfw rule set.

This, of course, requires an understanding of what types of packets
should be denied and what packets are better passed through, but if
you do a bit of research on the topic, I'm sure you'll find enough
help to get you started.

I'd suggest writing your own firewall rules, after you read at least
the following:

    http://www.freebsd.org/doc/en_US.ISO8859-1/articles/dialup-firewall/index.html
    http://www.daemonnews.org/200102/armoring.html
    http://www.daemonnews.org/200103/firewall.html
    http://www.daemonnews.org/200108/security-howto.html
    http://www.freebsddiary.org/ipfw.php
    http://www.freebsddiary.org/firewall.php
    http://www.freebsddiary.org/firewall2.php
    http://www.freebsddiary.org/filtering.php
    http://www.freebsddiary.org/firewallconvert.php
    http://www.freebsddiary.org/firewalls.php

Happy reading ;-)

-giorgos


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011029204314.A28658>