From owner-freebsd-newbies@FreeBSD.ORG Thu Feb 17 00:13:56 2005 Return-Path: Delivered-To: freebsd-newbies@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D96D16A565 for ; Thu, 17 Feb 2005 00:13:56 +0000 (GMT) Received: from ns1.tiadon.com (SMTP.tiadon.com [69.27.132.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id E653643D39 for ; Thu, 17 Feb 2005 00:13:55 +0000 (GMT) (envelope-from kdk@daleco.biz) Received: from [69.27.131.0] ([69.27.131.0]) by ns1.tiadon.com with Microsoft SMTPSVC(6.0.3790.211); Wed, 16 Feb 2005 18:13:54 -0600 Message-ID: <4213E1C0.3090100@daleco.biz> Date: Wed, 16 Feb 2005 18:13:52 -0600 From: Kevin Kinsey User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.3) Gecko/20041210 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Alex D'Elia References: <4214CA3A.5040200@cwazy.co.uk> <20050216204945.GP12077@fan.priv.at> In-Reply-To: <20050216204945.GP12077@fan.priv.at> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 17 Feb 2005 00:13:55.0438 (UTC) FILETIME=[918278E0:01C51485] cc: freebsd-newbies@freebsd.org cc: SigmaX Subject: Re: Firewalls and Webmin X-BeenThere: freebsd-newbies@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Gathering place for new users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Feb 2005 00:13:56 -0000 Alex D'Elia wrote: >Hi SigmaX, > >* SigmaX [050217 17:45]: > > > >>Heya; >>I have FreeBSD 5.3 and need to set up the firewall. I've never done >>anything with Firewall on a *NIX system without the help of Webmin, and >>I'm new to BSD in general. Webmin gives me an error when trying to use >>the BSD Firewall module. >> >>I tried doing "ipfw sh" to see what was up, and I get "ipfw: >>getsockopt(IP_FW_GET): Protocol not available" >> >>I found a post from a while back that said I need to recompile my >>kernel. I can't imagine that that's the case for a firewall in >>general. I need a firewall... if I can't use Webmin (read: ipfw) I'm >>gonna need a REALLY good howto :-P. Any help? >> >> >> > > >first of all I say ( as someone else will do ) that you should post >technical questions to freebsd-questions because this is a list of >discussion about FreeBSD and not about technical problems. >But I can tell you that if you follow the instructions of the >handbook, you will for sure have enough informations to get you going. >The handbook its a really good documentation, not only for FreeBSD >but for a lot more ;^) > > > Yes, and it should have been consulted prior to this posting. I don't mean to directly offend, but you have made at least one mistake in your advice. Likely I will, too; and, SigmaX, this is why your question is on the wrong forum. >And Yes, you need to recompile the kernel if you want to use your >system for a firewalling purpose. > > Not if he's using 5.3 and doesn't want NAT. From the Handbook: "IPFW is included in the basic FreeBSD install as a separate run time loadable module. IPFW will dynamically load the kernel module when the rc.conf statement firewall_enable="YES" is used. You do not need to compile IPFW into the FreeBSD kernel unless you want NAT function enabled." >But that's not an hack ..... its preety easy. >I personally find it easyer than in linux ( with all respects ), > > > It's easy once you've done it a few times. My first time was rather frightening, personally, but only because *I* was freaked out ... the system performed admirably. And, then you need "mergemaster" ... >I already used ipfw in FreeBSD-4.X and ipf and pf with OpenBSD. >Now that the new STABLE BRANCH 5.3 its including the pf firewall >from OpenBSD, I use that, 'cause I find it really powerfull and yet >nice to configure. > >just take a look at the handbook, and you'll find a lot of answers >to your questions. >You find the documentation also on your system: /usr/share/doc/en/books >for english language documentation :) > > > Good advice there too. Kevin Kinsey