Date: Thu, 19 Feb 2004 14:54:07 +0200 (EET)
From: VA <listat@synty.net>
To: freebsd-isp@freebsd.org
Subject: firewalling policy
Message-ID: <Pine.LNX.4.53.0402191435590.23909@koti.synty.net>
Hi fellow SysAdmins,

I'm building a FreeBSD route/firewall for a little heavier use. I will use pf for the firewall because it's more familiar and since I need to maintain a few OpenBSD boxes as well.

Anyways, I was hoping to get an opinion on a firewall rule structure. There are 10 physical NICs (Intel Dual 100Mbs) and also a bunch of VLANs. What is the best point to firewall? Naturally, a default block strategy is assumed.

I know each interface needs rules to achieve good security, but what about the external interface (WAN link)? Is it safe just to firewall each internal interface, because otherwise I need "double rules" and it gets more complicated.

Any other hints to give, or good optimized examples for pf in a larger environment? I will surely make a public document once I get this up and running.

Thanks in advance, and especially to all you developers of this great OS!

-Vesa, SysAdmin, Finland