From owner-freebsd-questions@FreeBSD.ORG Tue Jan 17 10:39:30 2006
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4462A16A420 for ; Tue, 17 Jan 2006 10:39:30 +0000 (GMT) (envelope-from deejy-pooh@ntlworld.com)
Received: from mta09-winn.ispmail.ntl.com (mta09-winn.ispmail.ntl.com [81.103.221.49]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5BDFC43D6D for ; Tue, 17 Jan 2006 10:39:23 +0000 (GMT) (envelope-from deejy-pooh@ntlworld.com)
Received: from aamta09-winn.ispmail.ntl.com ([81.103.221.35]) by mta09-winn.ispmail.ntl.com with ESMTP id <20060117103919.TXGX6790.mta09-winn.ispmail.ntl.com@aamta09-winn.ispmail.ntl.com> for ; Tue, 17 Jan 2006 10:39:19 +0000
Received: from cpc4-linc4-5-1-cust91.nott.cable.ntl.com ([82.25.112.91]) by aamta09-winn.ispmail.ntl.com with ESMTP id <20060117103918.OTIR10196.aamta09-winn.ispmail.ntl.com@cpc4-linc4-5-1-cust91.nott.cable.ntl.com> for ; Tue, 17 Jan 2006 10:39:18 +0000
From: Uncle Deejy-Pooh
Organization: Non Gratum Anus Rodentum
To: freebsd-questions@freebsd.org
Date: Tue, 17 Jan 2006 10:39:08 +0000
User-Agent: KMail/1.8.2
References: <20060116200608.49C2A16A422@hub.freebsd.org>
In-Reply-To: <20060116200608.49C2A16A422@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200601171039.08803.deejy-pooh@ntlworld.com>
Subject: Re: freebsd-questions Digest, Vol 121, Issue 26
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 17 Jan 2006 10:39:30 -0000

On Monday 16 January 2006 20:06, freebsd-questions-request@freebsd.org wrote:
> Date: Mon, 16 Jan 2006 14:30:01 +0100
> From: "Daniel A."
> Subject: Re: FreeBSD
> To: Uncle Deejy-Pooh
> Cc: freebsd-questions@freebsd.org
> Message-ID: <5ceb5d550601160530w2b210f8ar4349cf1e1407a6db@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
> Congratulations on your success with PC-BSD.
>
> I think that the nature of the BSD license can also indirectly be
> applied to the FreeBSD mailing lists: Anyone can play along.
> We're not elitist snobs =)
>
> On 1/13/06, Uncle Deejy-Pooh wrote:
> > Hey, I've spent the day using pc-bsd, and I quite like it! Can I remain
> > on the mailing list, or are people already forming hollow squares to
> > drum me out?
> >
> > Regards to all for the New Year,
> > Deej

Many thanks for all the replies to my posting. Just to let y'all know that
after toying with PC-BSD and Desktop-BSD - both have their merits - I'm back
home! Hell, I even put Windoze on for a day or two - what a shambles!

So, off I go again, trying to write assembler programmes for BSD - as lonely
an occupation as ever bit a sandwich!

Whilst I'm here, may I pick your collective brains regarding firewalls. I'm
using a stand-alone box with a cable broadband connection. This box is used
only for internet connection, downloading etc. and email, and this is my
current firewall configuration (stolen from somewhere!):

In my kernel:

options IPFIREWALL                   # enable ipfw
options IPFIREWALL_VERBOSE           # log matched packets via syslog
options IPFIREWALL_VERBOSE_LIMIT=10  # at most 10 log entries per rule
options IPSTEALTH                    # do not decrement TTL on forwarded packets
options TCP_DROP_SYNFIN              # allow dropping TCP packets with SYN+FIN set

In rc.conf:

firewall_enable="YES"
firewall_script="/etc/rc.firewall"     # the stock script, which loads the file named below
firewall_type="/etc/firewall.rules"    # a path here means "load the rules from this file"
firewall_logging_enable="YES"          # sets net.inet.ip.fw.verbose=1
log_in_vain="YES"                      # log connection attempts to closed ports
tcp_drop_synfin="YES"                  # sets net.inet.tcp.drop_synfin=1 (needs TCP_DROP_SYNFIN)
icmp_drop_redirect="YES"               # ignore ICMP redirects

My firewall.rules:

add 00300 check-state                                     # match against dynamic rules first
add 00301 deny tcp from any to any in established         # inbound TCP with ACK/RST set and no matching state
add 00302 allow tcp from any to any out setup keep-state  # outbound connections create state
add 00400 allow udp from any 53 to any in                 # inbound UDP from source port 53 (DNS replies), no state
add 00402 allow udp from any to any out                   # any outbound UDP
add 00500 allow icmp from any to any icmptypes 3          # destination unreachable
add 00501 allow icmp from any to any icmptypes 4          # source quench
add 00502 allow icmp from any to any icmptypes 8          # echo request
add 00503 allow icmp from any to any icmptypes 0 in       # echo reply, inbound only
add 00504 allow icmp from any to any icmptypes 11 in      # time exceeded, inbound only

As I know jack-all about firewalls and all of my time is spent trying to learn
unix assembly, I would appreciate comments on the above configuration from
Those Who Know - "on the shoulders of giants", and all that! I'm sure that
there are many out there who would appreciate comments on firewalls for
stand-alone boxes - most of the info seems to be geared toward multi-processor,
double-monitor, three-phase, jump-up-never-come-down, chrome-plated machines
with high IQs!

Many thanks, as ever
Deej
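An added example, not part of the original thread and not anything FreeBSD ships: a small Python lint pass over the posted firewall.rules (copied verbatim into POSTED_RULES) that parses the subset of ipfw(8) syntax used there and reports the two things a reviewer of a stand-alone host would look at first, an inbound or direction-less allow for TCP/UDP that carries no keep-state, and the absence of an explicit final deny. HARDENED_RULES is an assumption of the example rather than the poster's config: it drops the stateless "from any 53 ... in" rule in favour of tracking all outbound UDP with keep-state, so DNS replies return through the dynamic rules, and appends a logging deny as rule 65000 so the default policy no longer depends on how the kernel was built. Run against the posted set it reports rule 400 and the missing final deny; against the variant it reports nothing.

```python
"""Lint an ipfw(8) rule file of the kind loaded via firewall_type="/etc/firewall.rules"."""
from dataclasses import dataclass, field
from typing import List, Optional

ALLOW = {"allow", "accept", "pass", "permit"}
DENY = {"deny", "drop", "reject"}

# The rules exactly as posted in the message above.
POSTED_RULES = """
add 00300 check-state
add 00301 deny tcp from any to any in established
add 00302 allow tcp from any to any out setup keep-state
add 00400 allow udp from any 53 to any in
add 00402 allow udp from any to any out
add 00500 allow icmp from any to any icmptypes 3
add 00501 allow icmp from any to any icmptypes 4
add 00502 allow icmp from any to any icmptypes 8
add 00503 allow icmp from any to any icmptypes 0 in
add 00504 allow icmp from any to any icmptypes 11 in
"""

# Suggested variant (an assumption of this example, not from the post): outbound UDP
# keeps state so DNS replies come back through dynamic rules, and the default is explicit.
HARDENED_RULES = """
add 00300 check-state
add 00301 deny tcp from any to any in established
add 00302 allow tcp from any to any out setup keep-state
add 00400 allow udp from any to any out keep-state
add 00500 allow icmp from any to any icmptypes 3
add 00501 allow icmp from any to any icmptypes 4
add 00502 allow icmp from any to any icmptypes 8
add 00503 allow icmp from any to any icmptypes 0 in
add 00504 allow icmp from any to any icmptypes 11 in
add 65000 deny log ip from any to any
"""

@dataclass
class Rule:
    number: Optional[int]
    action: str
    proto: Optional[str]  # None for check-state
    options: List[str] = field(default_factory=list)
    raw: str = ""

    @property
    def direction(self) -> str:
        # A rule with neither "in" nor "out" matches packets in both directions.
        return "in" if "in" in self.options else "out" if "out" in self.options else "both"

def parse_rules(text: str) -> List[Rule]:
    """Parse 'add [num] action [log] proto from src [ports] to dst [ports] options...'."""
    rules: List[Rule] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # ipfw ignores '#' comments in rule files
        if not line:
            continue
        tok = line.split()[1:] if line.startswith("add ") else line.split()
        number = int(tok.pop(0)) if tok[0].isdigit() else None
        action, rest = tok[0], tok[1:]
        if action == "check-state":
            rules.append(Rule(number, action, None, rest, line))
            continue
        if action not in ALLOW | DENY:
            raise ValueError(f"unsupported action in: {line}")
        opts: List[str] = []
        while rest and rest[0] == "log":  # "log" sits between the action and the protocol
            opts.append(rest.pop(0))
        proto, rest = rest[0], rest[1:]
        if not rest or rest[0] != "from" or "to" not in rest:
            raise ValueError(f"expected 'from ... to ...' in: {line}")
        after_to = rest[rest.index("to") + 1:]  # dst address, optional port list, options
        i = 2 if len(after_to) > 1 and all(c in "0123456789,-" for c in after_to[1]) else 1
        opts.extend(after_to[i:])  # skip the address and a port spec such as 53 or 1024-65535
        rules.append(Rule(number, action, proto, opts, line))
    return rules

def lint(rules: List[Rule]) -> List[str]:
    findings: List[str] = []
    for r in rules:
        # A tcp/udp allow that can match inbound packets and keeps no state admits any packet
        # fitting the address/port pattern, whether or not this host ever sent anything.
        if (r.action in ALLOW and r.proto in ("tcp", "udp")
                and r.direction != "out" and "keep-state" not in r.options):
            findings.append(f"rule {r.number}: stateless inbound allow: {r.raw}")
    last = rules[-1]
    if not (last.action in DENY and last.proto == "ip" and last.direction == "both"
            and "from any to any" in last.raw):
        findings.append("no explicit final 'deny ip from any to any'; behaviour falls to the kernel "
                        "default (deny unless IPFIREWALL_DEFAULT_TO_ACCEPT was compiled in)")
    return findings

if __name__ == "__main__":
    for name, text in (("posted", POSTED_RULES), ("hardened", HARDENED_RULES)):
        print(f"== {name} ==")
        for finding in lint(parse_rules(text)) or ["no findings"]:
            print(" -", finding)
```

The parser only understands the rule shapes used here (single address per side, an optional port list, a trailing option list), which is enough to check a hand-written host ruleset; anything fancier raises rather than silently misreading a rule. The second check is deliberately strict about the last line because ipfw's implicit rule 65535 is decided at kernel build time, and a ruleset that spells out its own deny reads the same on every box it is copied to.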