From owner-freebsd-newbies@FreeBSD.ORG Wed Jan 28 15:37:01 2004 Return-Path: Delivered-To: freebsd-newbies@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A92716A4CE for ; Wed, 28 Jan 2004 15:37:01 -0800 (PST) Received: from quipo.it (mx.quipo.it [212.43.108.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5E81B43D39 for ; Wed, 28 Jan 2004 15:36:57 -0800 (PST) (envelope-from bcampanelli@quipo.it) Received: from computer [62.94.5.152] by quipo.it with ESMTP (SMTPD32-7.15) id A79489160046; Thu, 29 Jan 2004 00:36:52 +0100 Message-ID: <003d01c3e5f7$9c1f84e0$98055e3e@computer> From: "Bruno Campanelli" To: "Jeff Brown" , References: Date: Thu, 29 Jan 2004 00:36:50 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Declude-Sender: bcampanelli@quipo.it [62.94.5.152] X-Declude-Spoolname: D4794891600469a4d.SMD Subject: Re: FreeBSD and security X-BeenThere: freebsd-newbies@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Gathering place for new users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jan 2004 23:37:01 -0000 ----- Original Message -----=20 From: "Jeff Brown" To: Sent: Wednesday, January 28, 2004 8:25 PM Subject: FreeBSD and security >>I am planning to install FreeBSD and use it as my web server. I have=20 >>wireless cable internet access and I am running straight into the = webserver=20 >>and then out to my switch (i have 3 desktops) Will I need to = incorporate a=20 >>hardware firewall, or does FreeBSD have adequate security built in? Yes,it does have security built in,provided you activate it. You can use one of the two commonly used firewalls: ipfw or ipfilter (I prefer ipfilter because use a very simple and strong = ruleset logic). If you decide to use IPFW,see "Chapter 10.8:Firewalls",of the FreeBSD=20 Handbook (online on www.freebsd.org/handbook, and you can download it=20 from the site in various formats) on how to set up IPFW. If you want to use IPFilter here is a list of useful resources online: IPFilter home page: http://www.ipfilter.org IPFilter examples: http://coombs.anu.edu.au/~avalon/examples.html IPFilter how-to: http://www.unixcircle.com/ipf/ IPFilter mailing list archive: http://false.net/ipfilter Guido van Rooij has written some real nice IPFilter papers: http://www.madison-gurkha.com/all_publications.shtml Address Allocation for Private Internets: http://www.muine.org/rfc/rfc1918.txt The IP Network Address Translator (NAT): http://www.muine.org/rfc/rfc1631.txt Traditional IP Network Address Translator (Traditional NAT) http://www.muine.org/rfc/rfc3022.txt Bandwidth management: http://www.iet.unipi.it/~luigi/ip_dummynet/ The Twenty Most Critical Internet Security Vulnerabilities (Updated) http://66.129.1.101/top20.htm IPFilter and PF resources=20 http://www.unixcircle.com/ipf/ [San Jose, CA, USA]=20 http://www.pir.net/pir/ipf/ [Boston, MA, USA]=20 http://www.openlysecure.org/content/html/www.obfuscation.org/ipf = [Surrey, UK]=20 http://mirrors.sunroot.de/www.obfuscation.org/ipf [Kerpen, Germany]=20 http://www.grunta.com/ipf/ [Melbourne, Victoria, AU]=20 http://www.darkart.com/mirrors/www.obfuscation.org/ipf/ [Oakland, CA, = USA]=20 FreeBSD rc.firewall patch=20 synk has a patch to add simple ipf configuration to your FreeBSD = /etc/rc.firewall=20 http://www.iae.nl/users/guido/papers/tcp_filtering.ps.gz=20 Real Stateful TCP Packet Filtering in IP Filter by Guido Van Rooij = [local copy] [local pdf version]=20 http://www.false.net/ipfilter/=20 The searchable ipfilter mailing list archive=20 http://www.iae.nl/users/guido/bsdcon2000/=20 Cheers, >> Learn how to choose, serve, and enjoy wine at Wine @ MSN.=20 >> http://wine.msn.com/ --- [Quipo ISP - Questa E-mail e' stata controllata dal programma Declude Virus] [Quipo ISP - This E-mail was scanned for viruses by Declude Virus]