Date: Thu, 19 Feb 2004 13:50:38 -0300
From: Felipe Neuwald <felipe@neuwald.biz>
To: VA <listat@synty.net>, freebsd-isp@freebsd.org
Subject: Re: firewalling policy
Message-ID: <1077209435.286.6.camel@buscape.freebsd>
In-Reply-To: <Pine.LNX.4.53.0402191435590.23909@koti.synty.net>
References: <Pine.LNX.4.53.0402191435590.23909@koti.synty.net>
Hi VA,

On Thu, 2004-02-19 at 09:54, VA wrote:
> Hi fellow SysAdmins,
>
> I'm building a FreeBSD route/firewall for a little heavier use. I will use
> pf for firewall because it's more familiar and since I need to maintain a
> few OpenBSD boxes as well.
>
> Anyways I was hoping to get an opinion for a firewall rule structure.
> There are 10 physical NICs (Intel Dual 100Mbs) and also a bunch of VLANs.
>
> What is the best point to firewall? Naturally default block strategy
> assumed. I know each interface needs rules to achieve good security, but
> what about external interface (WAN link)? Is it safe just to firewall
> each internal interface, because otherwise I need "double rules" and it
> gets more complicated.

Make your firewall and your network secure from outside by creating rules
applicable to your WAN interface. You have 9 more interfaces, so make the
rules according to the networks and hosts that will be behind these
interfaces.

The best phrase that I ever heard about the free software world: read,
write and execute... a thousand times... :-)

> Any other hints to give or good optimized examples for pf in larger
> environment? I will surely make a public document once I get this up and
> running.
> Thanks in advance and specially all you developers of this great OS!
>
> -Vesa, SysAdmin, Finland
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

-- 
Felipe Neuwald
felipe@neuwald.biz

"My sword will not know its sheath as long as the disgrace and injustice
that subjugate my people endure"
Simón Bolívar
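
A sketch of the rule structure discussed in this thread, added here as an example and not taken from either poster: default block, inbound rules on the WAN interface, and inbound rules per internal interface. Interface names, addresses and services are assumptions, and the single blanket outbound rule is one common pf idiom for avoiding "double rules", not something the thread prescribes.

```pf
# Constructed pf.conf example; all names and addresses are assumptions.
ext_if  = "em0"             # WAN link
lan_if  = "em1"             # office LAN on a physical NIC
dmz_if  = "vlan10"          # DMZ carried on a VLAN
lan_net = "192.168.1.0/24"
dmz_net = "192.0.2.0/24"    # documentation range used as a stand-in
web_srv = "192.0.2.10"      # hypothetical public web server in the DMZ

# Default block: anything not explicitly passed below is dropped and logged.
block log all
pass quick on lo0 all

# Drop packets claiming an internal source address on the wrong interface.
antispoof quick for { $lan_if $dmz_if }

# WAN interface: what the outside may reach.
pass in on $ext_if inet proto tcp from any to $web_srv \
    port { 80 443 } flags S/SA keep state

# LAN interface: what hosts behind it may initiate.
pass in on $lan_if inet from $lan_net to any keep state

# DMZ interface: servers may resolve names, nothing else is initiated.
pass in on $dmz_if inet proto { tcp udp } from $dmz_net to any \
    port 53 keep state

# Policy is decided where traffic enters the box. A forwarded packet is
# evaluated a second time on its way out, so one blanket outbound rule
# replaces a mirrored set of per-interface "out" rules.
pass out all keep state
```

Each additional NIC or VLAN gets its own `pass in on` section in the same pattern; `pfctl -nf /etc/pf.conf` parses the file without loading it.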
