Date: Mon, 29 Oct 2001 20:43:14 +0200
From: Giorgos Keramidas
To: Ben Witkowski
Cc: freebsd-questions@freebsd.org
Subject: Re: Firewall on 4.4
Message-ID: <20011029204314.A28658@hades.hell.gr>

On Mon, Oct 29, 2001 at 12:42:36AM -0800, Ben Witkowski wrote:
> FreeBSD firewall.unitedglobaltrading.com 4.4-STABLE FreeBSD 4.4-STABLE #2:
> Thu Sep 27 18:02:08 PDT 2001
> ben@firewall.unitedglobaltrading.com:/usr/obj/usr/src/sys/FIREWALL i386
>
> i've installed a primary dns server on the above machine.
>
> the firewall is running "open", as "simple" type doesn't allow tcp
> traffic through..we still don't know why..

To be honest, I don't use rc.firewall's existing firewall types. When I
was trying to enable a firewall in my FreeBSD PC at home, I tried reading
rc.firewall to get an idea of what rules a firewall should have, the
dialup-firewall article from freebsd.org, articles at www.daemonnews.org
and www.freebsddiary.org and tried to make my own ipfw rule set.

This, of course, requires an understanding of what types of packets
should be denied and what packets are better passed through, but if you
do a bit of research on the topic, I'm sure you'll find enough help to
get you started. I'd suggest writing your own firewall rules, after you
read at least the following:

    http://www.freebsd.org/doc/en_US.ISO8859-1/articles/dialup-firewall/index.html
    http://www.daemonnews.org/200102/armoring.html
    http://www.daemonnews.org/200103/firewall.html
    http://www.daemonnews.org/200108/security-howto.html
    http://www.freebsddiary.org/ipfw.php
    http://www.freebsddiary.org/firewall.php
    http://www.freebsddiary.org/firewall2.php
    http://www.freebsddiary.org/filtering.php
    http://www.freebsddiary.org/firewallconvert.php
    http://www.freebsddiary.org/firewalls.php

Happy reading ;-)

-giorgos