From: Mike Meyer
Date: Tue, 6 Mar 2001 05:40:56 -0600
To: "Bob Cohen"
Cc: questions@freebsd.org
Subject: RE: FreeBSD Firewall vs. Black Ice
Message-ID: <15012.52424.78507.19984@guru.mired.org>

Bob Cohen types:
> Thanks for the interesting and informative discussion about
> firewalls and site cracking. Though much of it went over my
> head, as I am a web designer type, you have convinced me
> that the best course of action will be to set up a
> router/gateway w/FreeBSD. Mine is a cable connection, will
> the cheat sheets provide me a good start? How can I learn
> enough to build a solid firewall without spending all my
> waking time, and therefore my billing time?

As Ted mentioned, FreeBSD boxes aren't the easiest alternative. Linksys (among others) makes some cable/dsl router boxes that do firewall & nat, and work reasonably well. If you're not going to offer services to the internet over your cable connection, that's a perfectly reasonable choice, and takes near zero effort to set up and admin. I've poked at a few of them, and there's nothing wrong in the firewall setup on them for that purpose. It's not as flexible as a FreeBSD box - but it takes less of almost any resource you care to name.

If you want to build one based on FreeBSD, there are two books cited in /etc/rc.firewall that make an excellent start. The Chapman & Zwicky is sufficient; it covers the details of how you configure things, and provides the theory behind why it's done the way it is.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.