Date: Tue, 17 Jan 2006 10:39:08 +0000
From: Uncle Deejy-Pooh <deejy-pooh@ntlworld.com>
To: freebsd-questions@freebsd.org
Subject: Re: freebsd-questions Digest, Vol 121, Issue 26
Message-ID: <200601171039.08803.deejy-pooh@ntlworld.com>
In-Reply-To: <20060116200608.49C2A16A422@hub.freebsd.org>
References: <20060116200608.49C2A16A422@hub.freebsd.org>

On Monday 16 January 2006 20:06, freebsd-questions-request@freebsd.org wrote:
> Date: Mon, 16 Jan 2006 14:30:01 +0100
> From: "Daniel A." <ldrada@gmail.com>
> Subject: Re: FreeBSD
> To: Uncle Deejy-Pooh <deejy-pooh@ntlworld.com>
> Cc: freebsd-questions@freebsd.org
> Message-ID:
> <5ceb5d550601160530w2b210f8ar4349cf1e1407a6db@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
> Congratulations on your success with PC-BSD.
>
> I think that the nature of the BSD license can also indirectly be
> applied to the FreeBSD mailing lists: Anyone can play along.
> We're not elitist snobs =)
>
> On 1/13/06, Uncle Deejy-Pooh <deejy-pooh@ntlworld.com> wrote:
> > Hey, I've spent the day using pc-bsd, and I quite like it ! Can I remain
> > on the
> > mailing list, or are people already forming hollow squares to drum me out
> > ?
> >
> > Regards to all for the New Year,
> > Deej

Many thanks for all the replies to my posting.

Just to let y'all know that after toying with PC-BSD and Desktop-BSD - both have their merits - I'm back home ! Hell, I even put Windoze on for a day or two - what a shambles !

So, off I go again, trying to write assembler programmes for BSD - as lonely an occupation as ever bit a sandwich!

Whilst I'm here, may I pick your collective brains regarding firewalls. I'm using a stand-alone box with a cable broadband connection. This box is used only for internet connection, downloading etc. and email, and this is my current firewall configuration ( stolen from somewhere ! ):

In my kernel:

    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=10
    options IPSTEALTH
    options TCP_DROP_SYNFIN

In rc.conf:

    firewall_enable="YES"
    firewall_script="/etc/rc.firewall"
    firewall_type="/etc/firewall.rules"
    firewall_logging_enable="YES"
    log_in_vain="YES"
    tcp_drop_synfin="YES"
    icmp_drop_redirect="YES"

My firewall.rules:

    add 00300 check-state
    add 00301 deny tcp from any to any in established
    add 00302 allow tcp from any to any out setup keep-state
    add 00400 allow udp from any 53 to any in
    add 00402 allow udp from any to any out
    add 00500 allow icmp from any to any icmptypes 3
    add 00501 allow icmp from any to any icmptypes 4
    add 00502 allow icmp from any to any icmptypes 8
    add 00503 allow icmp from any to any icmptypes 0 in
    add 00504 allow icmp from any to any icmptypes 11 in

As I know jack-all about Firewalls and all of my time is spent trying to learn unix assembly, I would appreciate comments on the above configuration from Those Who Know --- "on the shoulders of giants", and all that !

I'm sure that there are many out there who would appreciate comments on firewalls for stand-alone boxes - most of the info seems to be geared toward multi-processor, double-monitor, three-phase, jump-up-never-come-down, chrome-plated machines with high IQs !

Many thanks, as ever
Deej
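
Added example (not part of the original message): a small Python check, run over the firewall.rules lines quoted above, that lists the TCP/UDP allow rules which pass traffic without keep-state. The function names and finding labels are assumptions of this example, and it handles only the "add N ACTION PROTO from ... to ..." rule form used in the message.

```python
# Constructed input: the rule lines quoted in the message above.
RULES = """\
add 00300 check-state
add 00301 deny tcp from any to any in established
add 00302 allow tcp from any to any out setup keep-state
add 00400 allow udp from any 53 to any in
add 00402 allow udp from any to any out
add 00500 allow icmp from any to any icmptypes 3
add 00501 allow icmp from any to any icmptypes 4
add 00502 allow icmp from any to any icmptypes 8
add 00503 allow icmp from any to any icmptypes 0 in
add 00504 allow icmp from any to any icmptypes 11 in
"""

def parse(line):
    """Split 'add N ACTION PROTO from SRC [PORTS] to DST [PORTS] [OPTS]'."""
    t = line.split()
    if len(t) < 8 or t[0] != "add" or "from" not in t or "to" not in t:
        return None  # check-state, blank lines and comments carry no addresses
    f, to = t.index("from"), t.index("to")
    rest = t[to + 2:]
    # A token starting with a digit right after the destination is a port list.
    dport = rest.pop(0) if rest and rest[0][0].isdigit() else None
    return {"num": t[1], "action": t[2], "proto": t[3],
            "sport": " ".join(t[f + 2:to]) or None, "dport": dport, "opts": rest}

def audit(text):
    """Return (rule number, label, detail) for stateless TCP/UDP allow rules."""
    findings = []
    for line in text.splitlines():
        r = parse(line)
        if not r or r["action"] not in ("allow", "accept", "pass", "permit"):
            continue
        if r["proto"] not in ("tcp", "udp") or "keep-state" in r["opts"]:
            continue  # this check covers TCP/UDP only; stateful rules pass
        if "out" not in r["opts"]:
            # No 'out' keyword: the rule can match packets arriving at the box.
            where = "any local port" if r["dport"] is None else "port " + r["dport"]
            findings.append((r["num"], "stateless-inbound",
                             f"admits {r['proto']} to {where} on header match alone"))
        else:
            findings.append((r["num"], "untracked-outbound",
                             "no keep-state, so replies need a separate inbound rule"))
    return findings

if __name__ == "__main__":
    for finding in audit(RULES):
        print(*finding)
```

In ipfw, keep-state on an outbound rule creates a dynamic rule that check-state (rule 00300 here) matches for the replies, so an outbound UDP rule written that way does not need a stateless inbound rule to let answers back in.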