From owner-freebsd-questions Wed Jul 5 03:30:33 1995
Return-Path: questions-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id DAA16526 for questions-outgoing; Wed, 5 Jul 1995 03:30:33 -0700
Received: from inet-gw-3.pa.dec.com (inet-gw-3.pa.dec.com [16.1.0.33]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id DAA16514 for ; Wed, 5 Jul 1995 03:30:18 -0700
Received: from tartufo.pcs.dec.com by inet-gw-3.pa.dec.com (5.65/24Feb95) id AA19403; Wed, 5 Jul 95 03:29:25 -0700
Received: by tartufo.pcs.dec.com (/\=-/\ Smail3.1.16.1 #16.39) id ; Wed, 5 Jul 95 12:28 MSZ
Message-Id:
Date: Wed, 5 Jul 95 12:28 MSZ
From: me@tartufo.pcs.dec.com (Michael Elbel)
To: marek@malkom.pl
Cc: questions@freebsd.org
Subject: Re: IPFIREWALL
Newsgroups: pcs.freebsd.questions
References: <199507031327.GAA05279@freefall.cdrom.com>
Reply-To: me@freebsd.org
Sender: questions-owner@freebsd.org
Precedence: bulk

In pcs.freebsd.questions you write:

>Now I want to set up a FreeBSD firewall box and
>I have some questions about firewall in FreeBSD

>1) What about ipfw.FAQ ?

Good question, want to write one?

>2) Is there an example of kernel config file for this
>   purpose ? (minimal)

That depends on what kind of firewall you want to set up. The simplest
thing would be to have the FreeBSD box act as a bastion host with two
IP interfaces (e.g. two ethernets or one ethernet and a PPP link to the
ISP), disable ip forwarding (sysctl -w net.inet.ip.forwarding=0) and
install proxies for everything you want to pass through the firewall.

For this you simply make a minimal configuration for the machine and
install your proxies of choice. I recommend a look at TIS' firewall
toolkit (ftp://ftp.tis.com/pub/firewalls/toolkit). It comes with
excellent documentation, including general thoughts about firewall
concepts. There is a general firewall FAQ too. Browse
http://www.tis.com and you'll find pointers in all directions.

>3) Are there any specific problems causing FreeBSD firewall ?

I haven't run into any yet. I've successfully set up a firewall
consisting of a screened subnet that's visible from the outside and a
hidden internal network using FreeBSD. In fact, we'll be using FreeBSD
exclusively for firewalls and general servers (http, ftp, etc.) for our
1500 people company soon.

Michael
--
Michael Elbel, PCS GmbH, Muenchen, Germany - me@FreeBSD.org
Fermentation fault (coors dumped)
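
Added example, not part of the original message: the reply's bastion-host setup depends on net.inet.ip.forwarding staying at 0, and a value set by hand with sysctl does not survive a reboot. The script below checks the running value and the boot-time settings that would turn forwarding back on. It assumes a present-day FreeBSD layout (gateway_enable and ipv6_gateway_enable in /etc/rc.conf, plus /etc/sysctl.conf); the function name audit_bastion and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Audits a proxy-only bastion
# for settings that route packets between its interfaces, bypassing the proxies.
#   $1: saved output of `sysctl net.inet.ip.forwarding net.inet6.ip6.forwarding`
#   $2: copy of /etc/rc.conf     $3: copy of /etc/sysctl.conf
audit_bastion() {
    # Running kernel: a non-zero forwarding knob means the box is a router now.
    awk -F'[:=] *' '/^net\.inet6?\.ip6?\.forwarding/ && $2 + 0 != 0 {
        print "LIVE " $1 "=" $2 }' "$1"

    # Boot time: rc.conf is sourced as shell, so the last assignment wins.
    # rc.subr treats YES, TRUE, ON and 1 (any case) as enabled.
    awk -F= '/^[ \t]*(ipv6_)?gateway_enable=/ {
            k = $1; gsub(/[ \t]/, "", k)
            v = tolower($2); sub(/#.*/, "", v); gsub(/[^a-z0-9]/, "", v)
            val[k] = v }
        END { for (k in val) if (val[k] ~ /^(yes|true|on|1)$/)
                  print "BOOT rc.conf " k "=" val[k] }' "$2"

    # Boot time: sysctl.conf is applied top to bottom, so the last value wins.
    awk -F= '/^[ \t]*net\.inet6?\.ip6?\.forwarding[ \t]*=/ {
            k = $1; gsub(/[ \t]/, "", k)
            v = $2; sub(/#.*/, "", v); val[k] = v + 0 }
        END { for (k in val) if (val[k] != 0)
                  print "BOOT sysctl.conf " k "=" val[k] }' "$3"
}

# Constructed sample: forwarding was switched off by hand on the running
# system, but rc.conf still turns it back on at the next reboot.
demo_dir=$(mktemp -d)
printf 'net.inet.ip.forwarding: 0\nnet.inet6.ip6.forwarding: 0\n' > "$demo_dir/live"
printf 'hostname="bastion"\ngateway_enable="NO"\ngateway_enable="YES"  # old router role\n' > "$demo_dir/rc.conf"
printf '# net.inet.ip.forwarding=1\n' > "$demo_dir/sysctl.conf"
audit_bastion "$demo_dir/live" "$demo_dir/rc.conf" "$demo_dir/sysctl.conf"
rm -rf "$demo_dir"
```

No output means none of the three sources enables forwarding; each LIVE or BOOT line names a setting to correct before relying on the proxies as the only path through the host.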