Date: Wed, 16 Feb 2005 18:13:52 -0600 From: Kevin Kinsey <kdk@daleco.biz> To: Alex D'Elia <alex@fan.priv.at> Cc: SigmaX <scottclansman@cwazy.co.uk> Subject: Re: Firewalls and Webmin Message-ID: <4213E1C0.3090100@daleco.biz> In-Reply-To: <20050216204945.GP12077@fan.priv.at> References: <4214CA3A.5040200@cwazy.co.uk> <20050216204945.GP12077@fan.priv.at>
next in thread | previous in thread | raw e-mail | index | archive | help
Alex D'Elia wrote: >Hi SigmaX, > >* SigmaX <scottclansman@cwazy.co.uk> [050217 17:45]: > > > >>Heya; >>I have FreeBSD 5.3 and need to set up the firewall. I've never done >>anything with Firewall on a *NIX system without the help of Webmin, and >>I'm new to BSD in general. Webmin gives me an error when trying to use >>the BSD Firewall module. >> >>I tried doing "ipfw sh" to see what was up, and I get "ipfw: >>getsockopt(IP_FW_GET): Protocol not available" >> >>I found a post from a while back that said I need to recompile my >>kernel. I can't imagine that that's the case for a firewall in >>general. I need a firewall... if I can't use Webmin (read: ipfw) I'm >>gonna need a REALLY good howto :-P. Any help? >> >> >> > > >first of all I say ( as someone else will do ) that you should post >technical questions to freebsd-questions because this is a list of >discussion about FreeBSD and not about technical problems. >But I can tell you that if you follow the instructions of the >handbook, you will for sure have enough informations to get you going. >The handbook its a really good documentation, not only for FreeBSD >but for a lot more ;^) > > > Yes, and it should have been consulted prior to this posting. I don't mean to directly offend, but you have made at least one mistake in your advice. Likely I will, too; and, SigmaX, this is why your question is on the wrong forum. >And Yes, you need to recompile the kernel if you want to use your >system for a firewalling purpose. > > Not if he's using 5.3 and doesn't want NAT. From the Handbook: "IPFW is included in the basic FreeBSD install as a separate run time loadable module. IPFW will dynamically load the kernel module when the rc.conf statement firewall_enable="YES" is used. You do not need to compile IPFW into the FreeBSD kernel unless you want NAT function enabled." >But that's not an hack ..... its preety easy. >I personally find it easyer than in linux ( with all respects ), > > > It's easy once you've done it a few times. My first time was rather frightening, personally, but only because *I* was freaked out ... the system performed admirably. And, then you need "mergemaster" ... >I already used ipfw in FreeBSD-4.X and ipf and pf with OpenBSD. >Now that the new STABLE BRANCH 5.3 its including the pf firewall >from OpenBSD, I use that, 'cause I find it really powerfull and yet >nice to configure. > >just take a look at the handbook, and you'll find a lot of answers >to your questions. >You find the documentation also on your system: /usr/share/doc/en/books >for english language documentation :) > > > Good advice there too. Kevin Kinsey
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4213E1C0.3090100>