Date: Thu, 29 Jan 2004 00:36:50 +0100 From: "Bruno Campanelli" <bcampanelli@quipo.it> To: "Jeff Brown" <j_brown11@hotmail.com>, <freebsd-newbies@FreeBSD.org> Subject: Re: FreeBSD and security Message-ID: <003d01c3e5f7$9c1f84e0$98055e3e@computer> References: <BAY1-F133I1jaG2VvzR0001ba5b@hotmail.com>
index | next in thread | previous in thread | raw e-mail
----- Original Message ----- From: "Jeff Brown" <j_brown11@hotmail.com> To: <freebsd-newbies@FreeBSD.org> Sent: Wednesday, January 28, 2004 8:25 PM Subject: FreeBSD and security >>I am planning to install FreeBSD and use it as my web server. I have >>wireless cable internet access and I am running straight into the webserver >>and then out to my switch (i have 3 desktops) Will I need to incorporate a >>hardware firewall, or does FreeBSD have adequate security built in? Yes,it does have security built in,provided you activate it. You can use one of the two commonly used firewalls: ipfw or ipfilter (I prefer ipfilter because use a very simple and strong ruleset logic). If you decide to use IPFW,see "Chapter 10.8:Firewalls",of the FreeBSD Handbook (online on www.freebsd.org/handbook, and you can download it from the site in various formats) on how to set up IPFW. If you want to use IPFilter here is a list of useful resources online: IPFilter home page: http://www.ipfilter.org IPFilter examples: http://coombs.anu.edu.au/~avalon/examples.html IPFilter how-to: http://www.unixcircle.com/ipf/ IPFilter mailing list archive: http://false.net/ipfilter Guido van Rooij has written some real nice IPFilter papers: http://www.madison-gurkha.com/all_publications.shtml Address Allocation for Private Internets: http://www.muine.org/rfc/rfc1918.txt The IP Network Address Translator (NAT): http://www.muine.org/rfc/rfc1631.txt Traditional IP Network Address Translator (Traditional NAT) http://www.muine.org/rfc/rfc3022.txt Bandwidth management: http://www.iet.unipi.it/~luigi/ip_dummynet/ The Twenty Most Critical Internet Security Vulnerabilities (Updated) http://66.129.1.101/top20.htm IPFilter and PF resources http://www.unixcircle.com/ipf/ [San Jose, CA, USA] http://www.pir.net/pir/ipf/ [Boston, MA, USA] http://www.openlysecure.org/content/html/www.obfuscation.org/ipf [Surrey, UK] http://mirrors.sunroot.de/www.obfuscation.org/ipf [Kerpen, Germany] http://www.grunta.com/ipf/ [Melbourne, Victoria, AU] http://www.darkart.com/mirrors/www.obfuscation.org/ipf/ [Oakland, CA, USA] FreeBSD rc.firewall patch synk has a patch to add simple ipf configuration to your FreeBSD /etc/rc.firewall http://www.iae.nl/users/guido/papers/tcp_filtering.ps.gz Real Stateful TCP Packet Filtering in IP Filter by Guido Van Rooij [local copy] [local pdf version] http://www.false.net/ipfilter/ The searchable ipfilter mailing list archive http://www.iae.nl/users/guido/bsdcon2000/ Cheers, >> Learn how to choose, serve, and enjoy wine at Wine @ MSN. >> http://wine.msn.com/ --- [Quipo ISP - Questa E-mail e' stata controllata dal programma Declude Virus] [Quipo ISP - This E-mail was scanned for viruses by Declude Virus]help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003d01c3e5f7$9c1f84e0$98055e3e>