From owner-freebsd-questions@FreeBSD.ORG  Tue Aug 23 05:47:49 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8FAE316A41F
	for <freebsd-questions@freebsd.org>;
	Tue, 23 Aug 2005 05:47:49 +0000 (GMT)
	(envelope-from dmitry.mityugov@gmail.com)
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.192])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1022C43D46
	for <freebsd-questions@freebsd.org>;
	Tue, 23 Aug 2005 05:47:48 +0000 (GMT)
	(envelope-from dmitry.mityugov@gmail.com)
Received: by wproxy.gmail.com with SMTP id i4so1134826wra
	for <freebsd-questions@freebsd.org>;
	Mon, 22 Aug 2005 22:47:47 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=kTKpR5XTVynLYzGzkzkMFqnJ4bpQ3UjHAApR/9nnbKEZp/+VI3V7SjLAQBGKFeLIF+NppxplSVLhbzlQkmFevm/c5cONcv8zhxMSxmNR9LlCqFqFLKSStWSqrAUoopx0gCXkKYYv5Dg+yJ7WFTyE2+1AUlCka8eGAckGcJzuR58=
Received: by 10.54.39.61 with SMTP id m61mr4437104wrm;
	Mon, 22 Aug 2005 22:47:47 -0700 (PDT)
Received: by 10.54.56.33 with HTTP; Mon, 22 Aug 2005 22:47:47 -0700 (PDT)
Message-ID: <b7052e1e05082222474a4c659b@mail.gmail.com>
Date: Tue, 23 Aug 2005 09:47:47 +0400
From: Dmitry Mityugov <dmitry.mityugov@gmail.com>
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
In-Reply-To: <20050819214637.GA10088@flame.pc>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <43064B2F.7050605@orcon.net.nz> <20050819214637.GA10088@flame.pc>
Cc: freebsd-questions@freebsd.org
Subject: Re: Internet firewall
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Aug 2005 05:47:49 -0000

On 8/20/05, Giorgos Keramidas <keramida@ceid.upatras.gr> wrote:
> On 2005-08-20 09:12, Gareth Campbell <gcampbell@orcon.net.nz> wrote:
> > Hey guys,
> >
> > I'm a newbie and have got my box all set up with FreeBSD 5.4, fluxbox
> > wm, firefox, thunderbird etc...  It's all looking awesome, with
> > transparency, and working well.  I run it on dial-up ppp but haven't se=
t
> > up any firewall.  Should I be setting one up?
>=20
> Yes, definitely.
>=20
> It takes about 4-5 seconds when I connect with my dialup account from
> home and then incoming connections start coming from spyware, trojans
> and misc. other scanners :-)
...

But it is possible to set up ppp to reject all incoming requests (with
nat deny_incoming set to yes IIRC). After that, the machine will be
"invisible" to the outside world, even if no firewalls are configured
on it. At least Shields Up! service located at
https://www.grc.com/x/ne.dll?bh0bkyd2 will tell you so.

--=20
Dmitry Mityugov, St. Petersburg, Russia
I ignore all messages with confidentiality statements

"We live less by imagination than despite it" - Rockwell Kent, "N by E"