Date:      Thu, 19 Feb 2004 13:50:38 -0300
From:      Felipe Neuwald <felipe@neuwald.biz>
To:        VA <listat@synty.net>, freebsd-isp@freebsd.org
Subject:   Re: firewalling policy
Message-ID:  <1077209435.286.6.camel@buscape.freebsd>
In-Reply-To: <Pine.LNX.4.53.0402191435590.23909@koti.synty.net>
References:  <Pine.LNX.4.53.0402191435590.23909@koti.synty.net>

Hi VA,

On Thu, 2004-02-19 at 09:54, VA wrote:
> Hi fellow SysAdmins,
>
> I'm building a FreeBSD route/firewall for a little heavier use. I will use
> pf for firewall because it's more familiar and since I need to maintain a
> few OpenBSD boxes as well.
>
> Anyways I was hoping to get an opinion for a firewall rule structure.
> There are 10 physical NICs (Intel Dual 100Mbs) and also a bunch of VLANs.
>
> What is the best point to firewall? Naturally default block strategy
> assumed. I know each interface needs rules to achieve good security, but
> what about external interface (WAN link)? Is it safe just to firewall
> each internal interface, because otherwise I need "double rules" and it
> gets more complicated.

Make your firewall and your network secure from outside by creating rules
applicable to your WAN interface. You have 9 other interfaces, so
make the rules according to the networks and hosts that will be behind these
interfaces.
The best phrase that I ever heard about the free software world:
read, write and execute... a thousand times... :-)

> Any other hints to give or good optimized examples for pf in larger
> environment? I will surely make a public document once I get this up and
> running.
> Thanks in advance and especially all you developers of this great OS!
>
> -Vesa, SysAdmin, Finland
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
-- 
Felipe Neuwald
felipe@neuwald.biz

"My sword shall not know its sheath
as long as the disgrace and injustice
that subjugate my people endure"
Simón Bolívar
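
A pf.conf illustrating the layout discussed in this thread (default block, rules on the WAN interface, rules per internal interface), added here as an example and not written by either poster. Interface names, networks, addresses and ports are assumptions; it shows one common way to avoid "double rules": filter inbound on every interface and pass outbound with a single rule.

```conf
# Added illustration, not from the thread. Interface names, addresses and
# ports are assumptions (documentation ranges); adapt them to the real box.
ext_if  = "fxp0"            # WAN link
lan_if  = "fxp1"            # one of the internal NICs
dmz_if  = "vlan10"          # one of the VLANs
lan_net = "192.0.2.0/25"
dmz_net = "192.0.2.128/25"
web_srv = "192.0.2.130"     # published host in the DMZ

set skip on lo0

# Default block: anything not explicitly passed below is dropped and logged.
block log all

# Drop packets that claim an internal source address but arrive on a
# different interface than the one that network is attached to.
antispoof quick for { $lan_if $dmz_if }

# WAN interface: only published services are reachable from outside.
pass in on $ext_if inet proto tcp from any to $web_srv port { 80 443 } keep state

# Internal interfaces: filter where traffic enters the firewall.
pass in on $lan_if inet from $lan_net to any keep state

# DMZ hosts may not open connections into the LAN; "quick" stops
# rule evaluation here, so the later pass rule cannot override it.
block in quick on $dmz_if inet from any to $lan_net
pass in on $dmz_if inet proto { tcp udp } from $dmz_net to any port 53 keep state

# Outbound: every forwarded packet was already filtered on the interface
# where it entered, so one rule replaces a second per-interface rule set.
# This also passes traffic originated by the firewall itself.
pass out all keep state
```

With this layout the inbound rules are the whole policy, so every interface, including each VLAN, needs its own `pass in` lines or its traffic stays blocked by the default rule.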


