Date: Wed, 3 Dec 2003 22:19:02 +0100
From: Melvyn Sopacua <freebsd-questions@webteckies.org>
To: fbsd_user@a1poweruser.com, "freebsd-questions@FreeBSD. ORG" <freebsd-questions@FreeBSD.ORG>
Cc: listone@deathbeforedecaf.net
Subject: Re: network security sysctl mib's
Message-ID: <200312032219.02710.freebsd-questions@webteckies.org>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGEEDPEPAA.fbsd_user@a1poweruser.com>
References: <MIEPLLIBMLEEABPDBIEGEEDPEPAA.fbsd_user@a1poweruser.com>

On Tuesday 02 December 2003 18:29, fbsd_user wrote:

> Thank you for responding with pointers to where I
> can find some very limited documented info on the
> MIB's I asked about.

You're welcome.

> The only conclusion one can draw from the test results is that
> IPFILTER gets access to the packets before the log_in_vain Mib
> does. To extrapolate on this, it would indicate the other network
> security Mibs I pointed out in my original post are in the same boat
> as log_in_vain.

I haven't looked at specifics, but this sounds logical to me. MIB's control or
inform about system states. A firewall's task is to prevent stuff from
entering the system.

> The remaining question then is does the IPFW firewall work the same
> way. If it does then all those network security Mib's only have
> effect on FBSD systems that are not running a firewall.

Not necessarily. You blocked all traffic, so the system does not register the
specific event you're looking at. Did you try just enabling the firewall but
setting an "allow all" rule?

> It's my opinion that in today's world of such emphasis on network
> security that a clear understanding of these MIB's are absolutely
> necessary, indispensable, requisite information that has to be
> disseminated to the FBSD community and not buried in some obscure,
> very hard to find place like it currently is.

Documentation on many MIB's is hard to find indeed. Maybe you should join the
documentation team to help out - but - in this specific case, the 2 (ipfw2
on -CURRENT makes 3 even) firewall implementations are well documented and
should instead be used if one is concerned about security, because they can
log and handle anything *before* it enters the system.

> Here is the documentation I created in the sysctl.conf file. What do
> you think about it?

I would have to look at specifics and I think security@freebsd.org would be a
more appropriate place to get some definitive answers.

-- 
Melvyn

=======================================================
FreeBSD sarevok.idg.nl 5.2-BETA FreeBSD 5.2-BETA #0: Wed Dec 3 20:13:44 CET
2003 root@sarevok.webteckies.org:/usr/obj/usr/src/sys/SAREVOK_NOACPI
i386
=======================================================