From owner-freebsd-security Wed May 1 09:59:38 1996
Date: Wed, 1 May 1996 12:58:23 -0400 (EDT)
From: Paul Danckaert
To: Garth Kidd
cc: Mark Newton, Kristyn Fayette, freebsd-security@FreeBSD.org
Subject: Re: FreeBSD & firewalls
In-Reply-To: <960501101804.ZM2871@jolt.systems.sa.gov.au>
Sender: owner-security@FreeBSD.org

On Wed, 1 May 1996, Garth Kidd wrote:

> On Apr 30, 10:02, Paul Danckaert wrote:
>
> > Also, I'm just curious and haven't looked too much into it, but has
> > anybody used BSD to firewall people within a site? For example, we are
> > looking at putting dorms on ethernet, but we are going to block various
> > protocols, ports, etc..
>
> Great idea. Those dorms are a real security threat, and I completely
> understand wanting to firewall yourself off from them :).
>
> [I'm at least a measure serious, actually; what are you trying to protect?]

Well, it's really a minimal protection against IP spoofing, low level
attacks, and for "policy enforcement". (I.e.: We don't want to become an ISP,
so we restrict logins from modem pools, etc..)

I don't think we will have too many problems.. for example, I don't know
how many people in our dorms would do low level NFS guess attacks, or
anything like that.. but I would rather have something in place when we
wire them up and not use it much, than having to put something in a year
after..

paul