Date: Thu, 29 Jan 2004 00:36:50 +0100 From: "Bruno Campanelli" <bcampanelli@quipo.it> To: "Jeff Brown" <j_brown11@hotmail.com>, <freebsd-newbies@FreeBSD.org> Subject: Re: FreeBSD and security Message-ID: <003d01c3e5f7$9c1f84e0$98055e3e@computer> References: <BAY1-F133I1jaG2VvzR0001ba5b@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message -----=20 From: "Jeff Brown" <j_brown11@hotmail.com> To: <freebsd-newbies@FreeBSD.org> Sent: Wednesday, January 28, 2004 8:25 PM Subject: FreeBSD and security >>I am planning to install FreeBSD and use it as my web server. I have=20 >>wireless cable internet access and I am running straight into the = webserver=20 >>and then out to my switch (i have 3 desktops) Will I need to = incorporate a=20 >>hardware firewall, or does FreeBSD have adequate security built in? Yes,it does have security built in,provided you activate it. You can use one of the two commonly used firewalls: ipfw or ipfilter (I prefer ipfilter because use a very simple and strong = ruleset logic). If you decide to use IPFW,see "Chapter 10.8:Firewalls",of the FreeBSD=20 Handbook (online on www.freebsd.org/handbook, and you can download it=20 from the site in various formats) on how to set up IPFW. If you want to use IPFilter here is a list of useful resources online: IPFilter home page: http://www.ipfilter.org IPFilter examples: http://coombs.anu.edu.au/~avalon/examples.html IPFilter how-to: http://www.unixcircle.com/ipf/ IPFilter mailing list archive: http://false.net/ipfilter Guido van Rooij has written some real nice IPFilter papers: http://www.madison-gurkha.com/all_publications.shtml Address Allocation for Private Internets: http://www.muine.org/rfc/rfc1918.txt The IP Network Address Translator (NAT): http://www.muine.org/rfc/rfc1631.txt Traditional IP Network Address Translator (Traditional NAT) http://www.muine.org/rfc/rfc3022.txt Bandwidth management: http://www.iet.unipi.it/~luigi/ip_dummynet/ The Twenty Most Critical Internet Security Vulnerabilities (Updated) http://66.129.1.101/top20.htm IPFilter and PF resources=20 http://www.unixcircle.com/ipf/ [San Jose, CA, USA]=20 http://www.pir.net/pir/ipf/ [Boston, MA, USA]=20 http://www.openlysecure.org/content/html/www.obfuscation.org/ipf = [Surrey, UK]=20 http://mirrors.sunroot.de/www.obfuscation.org/ipf [Kerpen, Germany]=20 http://www.grunta.com/ipf/ [Melbourne, Victoria, AU]=20 http://www.darkart.com/mirrors/www.obfuscation.org/ipf/ [Oakland, CA, = USA]=20 FreeBSD rc.firewall patch=20 synk has a patch to add simple ipf configuration to your FreeBSD = /etc/rc.firewall=20 http://www.iae.nl/users/guido/papers/tcp_filtering.ps.gz=20 Real Stateful TCP Packet Filtering in IP Filter by Guido Van Rooij = [local copy] [local pdf version]=20 http://www.false.net/ipfilter/=20 The searchable ipfilter mailing list archive=20 http://www.iae.nl/users/guido/bsdcon2000/=20 Cheers, >> Learn how to choose, serve, and enjoy wine at Wine @ MSN.=20 >> http://wine.msn.com/ --- [Quipo ISP - Questa E-mail e' stata controllata dal programma Declude Virus] [Quipo ISP - This E-mail was scanned for viruses by Declude Virus]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003d01c3e5f7$9c1f84e0$98055e3e>