Date: Mon, 15 Jul 1996 10:21:02 -0700 (PDT)
From: Jim Dennis <jim@starshine.org>
To: sgt@netmedia.net.il (Sergei Barbarash)
Cc: freebsd-questions@freebsd.org
Subject: Re: firewall on FreeBSD
Message-ID: <199607151721.KAA02397@starshine>
In-Reply-To: <199607151342.PAA18010@zaraza.bofh.org.il> from "Sergei Barbarash" at Jul 15, 96 03:42:09 pm

> Hello,
>
> I need to install a firewall - I want it to be based on FreeBSD. What's the
> best way to do it / the best free software to use?
>

SOCKS plus Darren Reed's IPFilter. Add TCP Wrappers for host level security, Tripwire for host-level integrity validation, and maybe some components from TIS FWTK (Firewall Toolkit) (particularly 'smapd').

Add in a copy of Brent Chapman's _Building_Firewalls_ book (O'Reilly & Associates) blend, bake and chill ;).

Seriously -- a firewall has much more to do with designing a policy and not much to do with the implementation details and components.

ftp://rtfm.mit.edu (or mirror) and look for the firewalls FAQ.

What are the segments of your LAN? What are the services that need to flow in each direction between these segments? What services are you trying to provide to the Internet? What services do you want to be accessible from or through the Internet? Do you want to provide employees remote access? If so -- what services/applications should be remotely accessible? What are you trying to protect (draw up scenarios and evaluate -- that is come up with cost risk assessments -- of each)?

If you have to ask such a broad and general question ... you probably should hire a professional to come in and configure a firewall for you. This is particularly true if you want to quilt together your own from freeware components.

Companies like CheckPoint and Borderware sell their products by pitching the idea that they are a "plug & play" solution that "does it all" and doesn't require any special knowledge on the part of the admin who sets it up. Both of these notions make me nervous (so I can't in good faith recommend any of the integrated commercial firewall products that I've seen).

A firewall is useless without a data security policy.

Jim Dennis,