Which firewall you select to use should be based on your level of
understanding of how information is moved across the internet.
Ipfilter is best suited for people who are just learning about
firewalling. PF is a little more automated and the rules are very
close to IPF's.
IPFW is for the advanced
On June 24, 2005 09:33 am, Khanh Cao Van wrote:
I'm going to learn about the freebsd firewall . In the handbook list
some of them and I could not find out what is the best . So I decided
to post here hoping to gain some of your opinion and experience .
I would like to know what firewall was
On Friday 24 June 2005 10:59 am, Ean Kingston wrote:
IPF was written for OpenBSD and later ported to FreeBSD. IPF came into
existence because of disagreements between certain members of the OpenBSD
team and the author of IPFilter. Filtering is done in the kernel and I
believe NAT is also
I have been using ipfw for quite some time and I love it. The only
issues I have with it are on the NAT side. Without a tool to modify the
current nat rules, I can not change them dynamically without editing my
config file then doing something like...
killall -9 natd ; sleep 2 ; /sbin/natd -f
On 2005-06-24 10:31, fbsd_user [EMAIL PROTECTED] wrote:
Which firewall you select to use should be based on your level of
understanding of how information is moved across the internet.
Ipfilter is best suited for people who are just learning about
firewalling. PF is a little more automated
On 2005-06-24 10:59, Ean Kingston [EMAIL PROTECTED] wrote:
For anyone who wants to start the in-kernel vs user-land NAT argument,
I've already been through it and there are valid arguments for both
sides. So, I won't get into it again.
Agreed. Most of the people who use FreeBSD in SOHO
--On June 24, 2005 5:31:13 PM +0100 [EMAIL PROTECTED] wrote:
On Friday 24 June 2005 15:31, fbsd_user wrote:
Which firewall you select to use should be based on your level of
understanding of how information is moved across the internet.
Ipfilter is best suited for people who are just learning
John Anderson [EMAIL PROTECTED] writes:
Hi there folks,
Having just moved into the country I am forced to use satellite for a
broadband connection. Due to Telstra having a monopoly on this, I need to have
2 USB connections, one for satellite download, one for ISDN upload. So my
router
, June 22, 2005 4:18 PM
Subject: Re: Firewall with USB
John Anderson [EMAIL PROTECTED] writes:
Hi there folks,
Having just moved into the country I am forced to use satellite for a
broadband connection. Due to Telstra having a monopoly on this, I need to
have 2 USB connections, one
Only a little note about the comment:
On FreeBSD you have a choice of IPFW, IPF, and PF. IPFW is FreeBSD only,
IPF runs on many OSes (but not Linux),
Since I have been reading the Ipfilter mailing list, you can see that Ipfilter now
runs on Linux too. This is only information. Greetings.
On Mar
Only a little note about the comment:
On FreeBSD you have a choice of IPFW, IPF, and PF. IPFW is FreeBSD only,
IPF runs on many OSes (but not Linux),
Since I have been reading the Ipfilter mailing list, you can see that Ipfilter now
runs on Linux too. This is only information. Greetings.
I have been looking for a great firewall, something
not too technical, since I have only been using
FreeBSD for two months now.
I have FreeBSD-4.8 installed, Apache-1.3, and
Netqmail-1.05. I am also planning on running an NTP
time server and possibly a forum in the future. The
web site is
Well, I suggest PF from openbsd
ok, it's really simple, and there exists a good page on freebsd to learn how it
works
ok see ya
On Wed, Mar 23, 2005 at 03:47:10PM -0500, Shawn B wrote:
From: Shawn B [EMAIL PROTECTED]
To: freebsd-questions@freebsd.org
Date: Wed, 23 Mar 2005 15:47:10 -0500 (EST)
http://www.unixguide.net/freebsd/fbsd_installguide/index.php
This install guide covers both of the 2 firewalls that come built in
to FreeBSD for all 4.x release. Software firewalls are heads and
shoulders above hardware firewalls which can not do stateful type of
protection.
I recommend ipfilter
http://www.unixguide.net/freebsd/fbsd_installguide/index.php
This install guide covers both of the 2 firewalls that come built in
to FreeBSD for all 4.x release. Software firewalls are heads and
shoulders above hardware firewalls which can not do stateful type of
protection.
You might want
On Wednesday 23 March 2005 21:03, Ean Kingston wrote:
Also, I am looking for antiviral protection for both
the FreeBSD server, and any Windows or Macintosh
systems that may be using the POP mail. I know qmail
has one solution, which was contributed by a qmail
user, but what are the
--On Wednesday, March 23, 2005 09:45:56 PM + RW
[EMAIL PROTECTED] wrote:
Clamav is supposed to be good for filtering windows viruses out of email.
I know Fastmail.fm dropped Kaspersky in favour of Clamav, they claimed
the updates to be at least as good.
We did some pretty thorough testing
DH Greetings,
DH I have had a Freebsd firewall (Older computer with (1) 3com 10Mb
DH ethernet PCI card, and (1) 3 com 10/100 Mb ethernet PCI card).
DH The firewall croaked on me (motherboard died). As a quick fix,
DH I plugged in a Linksys BEFSX41.
DH My Question is, should I build a new
Darryl Hoar wrote:
Greetings,
I have had a Freebsd firewall (Older computer with (1) 3com 10Mb
ethernet PCI card, and (1) 3 com 10/100 Mb ethernet PCI card).
The firewall croaked on me (motherboard died). As a quick fix,
I plugged in a Linksys BEFSX41.
My Question is, should I build a new
Darryl Hoar wrote:
Greetings,
I have had a Freebsd firewall (Older computer with (1) 3com 10Mb
ethernet PCI card, and (1) 3 com 10/100 Mb ethernet PCI card).
The firewall croaked on me (motherboard died). As a quick fix,
I plugged in a Linksys BEFSX41.
My Question is, should I build a new
On 01/10/05 01:34 PM, dave sat at the `puter and typed:
Hello,
For your setup of blacklisting IP's do you use any cron scripts for
procedure automation?
I'm assuming for your firewall block table that you store that in a
separate file? Can you send that file my way? I've tried to come
On 2004.10.27 11:26:00 +, Florian Hengstberger wrote:
Hi!
I compiled a Kernel using the GENERIC config-file that
comes with the default 5.2.1 installation adding support
for ipfw.
I tried to scan my computer with a linux machine running nmap,
but nmap tells me that the host seems to
To: James A. Coulter; [EMAIL PROTECTED]
Subject: RE: Firewall Rule Set not allowing access to DNS servers?
Look back at the ipfw sample rule set and you will see that
there are both udp and tcp protocol access to DNS. Also note
that udp does not use setup keyword.
# Allow out access to my ISP's
]
[mailto:[EMAIL PROTECTED] On Behalf Of JJB
Sent: Friday, July 30, 2004 1:20 PM
To: James A. Coulter; [EMAIL PROTECTED]
Subject: RE: Firewall Rule Set not allowing access to DNS servers?
Change this ipfw rule from
5 allow ip from any to any via xl0
To
5 allow ip from any
PROTECTED]
Subject: RE: Firewall Rule Set not allowing access to DNS servers?
Thanks for the response. . .
I changed rule 5 from x10 to dc0 - thanks
Not sure why I would want my inside nic requesting DHCP service from
my ISP.
It has been working fine in the configuration I have it so I've left
A. Coulter; [EMAIL PROTECTED]
Subject: RE: Firewall Rule Set not allowing access to DNS servers?
You better re-read what you posted in early post. You posted
that dc1 is your outside NIC, which is connected to your
cable modem which is connected to your ISP. Your outside NIC
needs DHCP to get ip
On 2004-07-31 12:08, James A. Coulter [EMAIL PROTECTED] wrote:
My LAN is configured with static IP addresses, 192.168.1.x.
I have no problems communicating within the LAN.
I have full connectivity with the internet from every machine on my LAN when
the firewall is open.
When I use the rule
]
Subject: RE: Firewall Rule Set not allowing access to DNS servers?
You better re-read what you posted in early post. You posted
that dc1 is your outside NIC, which is connected to your
cable modem which is connected to your ISP. Your outside NIC
needs DHCP to get ip and dns info from your ISP. NOW
A.
Coulter
Sent: Saturday, July 31, 2004 1:09 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Firewall Rule Set not allowing access to DNS servers?
My LAN is configured with static IP addresses, 192.168.1.x.
I have no problems communicating within the LAN.
I have full connectivity
: Saturday, July 31, 2004 2:03 PM
To: James A. Coulter
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Firewall Rule Set not allowing access to DNS servers?
My LAN is configured with static IP addresses, 192.168.1.x.
I have no problems communicating within the LAN.
I have full connectivity
Of Giorgos
Keramidas
Sent: Saturday, July 31, 2004 1:36 PM
To: James A. Coulter
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Firewall Rule Set not allowing access to DNS servers?
On 2004-07-31 12:08, James A. Coulter [EMAIL PROTECTED]
wrote:
My LAN is configured with static IP addresses, 192.168.1
[-- Message reformatted to fix Outlook format --]
On 2004-07-31 14:17, JJB [EMAIL PROTECTED] wrote:
Giorgos Keramidas wrote on July 31, 2004 1:36 PM
On 2004-07-31 12:08, James A. Coulter [EMAIL PROTECTED] wrote:
My LAN is configured with static IP addresses, 192.168.1.x.
I have no problems
. Would you
please share with me and the other readers how you do this.
Thanks
Joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Giorgos
Keramidas
Sent: Saturday, July 31, 2004 6:43 PM
To: JJB
Cc: [EMAIL PROTECTED]
Subject: Re: Firewall Rule Set
On 2004-07-31 20:07, JJB [EMAIL PROTECTED] wrote:
Now many home LAN environments have ms/windows boxes and that system
is the target of all the adware and spyware programs. These
unauthorized programs almost always use non-standard ports to
phone home and report on your activity. The only
Change this ipfw rule from
5 allow ip from any to any via xl0
To
5 allow ip from any to any via dc0
because dc0 is the lan interface name and not xl0.
Change these statement in rc.conf because you have interface name
backwards.
Dc1 is the NIC connected to your cable modem and you
Want to thank you guys for your help; I setup my first firewall last night.
Granted it is basic, and have a lot of work to do yet, but it's a start. It
is routing and letting my test machines access the web.
Hopefully the last question (yeah right)
I decided to use IPFILTER and appears to be
If you run your own DHCP server then you can lock IP numbers via their
MAC id there for the machines you trust.
Then allow them appropriate access via ipf and corral the rest.
(In DHCP create a 'pool' for others that uses a different section of
your ip range)
HTH
mjt
On Thu, 2004-07-22 at
There are 3 remote sites connecting to our network using GATEWAY to GATEWAY
VPN and around 25 remote VPN users that must be dealt with also. Last item,
there is a chance that I will have to connect 3 more remote sites into the
picture within the next 6 months, so this needs to be scalable to
To: Paul Hillen
Cc: [EMAIL PROTECTED]
Subject: Re: Firewall, OpenVPN and Squid question
There are 3 remote sites connecting to our network using GATEWAY to GATEWAY
VPN and around 25 remote VPN users that must be dealt with also. Last item,
there is a chance that I will have to connect 3 more
I have around 100 users at our site that would require the use of squid, we
house our own webserver, mail server, public DNS servers in the DMZ and 2
private DNS servers on the internal network, used by both Internal and VPN
users.
Sites connecting Gateway to Gateway, there are apprx as
- Original Message -
From: Paul Hillen [EMAIL PROTECTED]
To: Steve Bertrand [EMAIL PROTECTED]; Paul Hillen [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 1:33 PM
Subject: RE: Firewall, OpenVPN and Squid question
I have around 100 users at our site that would
We have about 6000 users, and the FBSD firewall never ever hiccup'ed. I
could even run tcpdump for hours, and it would rarely ever drop even a
single packet.
What size hardware is your firewall running on to handle the potential of
6000 users accessing your internal servers for mail, etc...
I have around 100 users at our site that would require the use of squid, we
house our own webserver, mail server, public DNS servers in the DMZ and 2
private DNS servers on the internal network, used by both Internal and VPN
users.
Sites connecting Gateway to Gateway, there are apprx as
From: Steve Bertrand [mailto:[EMAIL PROTECTED]
I have around 100 users at our site that would require the use of squid,
we house our own webserver, mail server, public DNS servers in the DMZ
and 2 private DNS servers on the internal network, used by both Internal
and VPN users.
Sites
I would have to guess if a hardware firewall like Watchguard that offers VPN
also, that it would have to be beefier than that. Steve going back to your
initial response about the PIII 800MHz network, are you using a proxy for
the internal users or are they connecting directly to the firewall
Gaspar Kiraly wrote:
I am in the process of setting up ipfw for my server and a small LAN of two pcs.
The FreeBSD server is used as an internet gateway with a dial up connection (ppp -auto -alias demand).
My network connection is working fine, however I am getting more and more junk mail lately.
Here is a rewrite of the FreeBSD handbook firewall section with
examples that will answer all your questions.
www.a1poweruser.com/FBSD_firewall/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Gaspar
Kiraly
Sent: Sunday, July 11, 2004 8:52 AM
To: [EMAIL
http://www.m0n0.ch/
T
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Feczak
Szabolcs
Sent: Tuesday, June 29, 2004 8:51 AM
To: [EMAIL PROTECTED]
Subject: firewall on cdrom
Any similar projects like closedbsd out there ?
--
_(_)_
(_. o_)
Peter, choose your firewall software, with a host firewall (what you are
looking for, not a network firewall) the features you need will be
limited. Find a howto on using that firewall package. The only
difference between what you want and what most howtos provide
instructions for is the
On Tue, 29 Jun 2004 17:50:56 +0200, Feczak Szabolcs [EMAIL PROTECTED] wrote:
Any similar projects like closedbsd out there ?
NetBoz Firewall
http://www.netboz.net/
Best regards,
zam4ever
___
[EMAIL PROTECTED] mailing list
Peter Zyumbilev wrote:
Do you know some good tutorial for building firewall for FreeBSD as web
server. I found a lot of tutorials but for FreeBSD as router.
First, are you building a firewall or a web server?
If you're building a firewall, you don't want to run any services like WWW at
all on the
To: Peter Zyumbilev
Cc: [EMAIL PROTECTED]
Sent: Monday, June 28, 2004 8:15 PM
Subject: Re: firewall for web server
Peter Zyumbilev wrote:
Do you know some good tutorial for building firewall for FreeBSD as web
server. I found a lot of tutorials but for FreeBSD as router.
First, are you building
On Monday 28 June 2004 12:44 pm, Peter wrote:
I am building a web server.
Since it is in a remote data center where I do not control the router I prefer
to build firewall on the www server.
APF http://www.rfxnetworks.com/apf.php
very popular firewall in the linux world.
Thanks,
Peter
Yes
On Wed, Jun 16, 2004 at 01:32:58AM +0100, Robert Downes wrote:
JJB wrote:
Fundamentally his keep-state rules work and yours don't.
I have used his script exactly, modifying only for the differences in my
ISP's addresses. Everything works as before, and still the check-state
rule is
On 2004-06-15 20:54, Robert Downes [EMAIL PROTECTED] wrote:
I'm obviously missing something...
su-2.05b# ipfw -a list
00100 16 1144 divert 8668 ip from any to any in via rl0
00200 17 964 divert 8668 ip from any to any out via rl0
00300 0 0 check-state
00400 32 3296 allow ip
JJB wrote:
First indication is the hit count on the check-state rule. It's zero
which means there is never a match in the keep-state table. For all
practical purposes your firewall keep-state rules are useless.
I was suspicious of that too, but if I remove the keep-state option from
the allow
JJB wrote:
Fundamentally his keep-state rules work and yours don't.
I have used his script exactly, modifying only for the differences in my
ISP's addresses. Everything works as before, and still the check-state
rule is showing zero packets and zero bytes, even though keep-state
rules have been
On 2004-06-15 23:29, Giorgos Keramidas [EMAIL PROTECTED] wrote:
On 2004-06-15 20:54, Robert Downes [EMAIL PROTECTED] wrote:
I'm obviously missing something...
su-2.05b# ipfw -a list
00100 16 1144 divert 8668 ip from any to any in via rl0
00200 17 964 divert 8668 ip from any to any out
On Sun, Apr 25, 2004 at 01:33:22PM +0200, Christoph Kukulies wrote:
I'm getting this in my log/messages:
Apr 25 13:25:42 mybox dhcpd: send_packet: Permission denied
Could it be that a certain firewall setting or something missing
would be causing this?
Possibly. It might be worth
Whatever the rules I'm using I get this message when booting and starting
ipfw :
ipfw: bad arguments, for usage summary ipfw
except if I use the /etc/rc.firewall file but that's another I don't know
why? it doesn't work with the SIMPLE argument in /etc/rc.conf and
modified with the right values.
Hi JP,
JP wrote:
Hi,
I have just got my firewall up and running.
Everything is running great except for inbound
sendmail connections. It appears my firewall is
blocking port 25 traffic. I can telnet localhost 25
and it works fine internally. From the outside world,
all I get is a connection
?
thanks,
Darryl
-Original Message-
From: Mike Jackson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 09, 2004 11:55 AM
To: Darryl Hoar
Subject: Re: Firewall DSL performance
Darryl Hoar ([EMAIL PROTECTED]) wrote:
Problem:
Recently, our ISP upgraded (at no charge) our
down a file,
how do I figure the Mbps ?
thanks,
Darryl
-Original Message-
From: JJB [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 10, 2004 8:46 AM
To: [EMAIL PROTECTED]
Subject: RE: Firewall DSL performance
If the ipfilter firewall had an performance problem, I am sure many
On Wed, Mar 10, 2004 at 08:10:05AM -0600, Darryl Hoar wrote:
Well,
last night I changed the ipf.rules file to be:
pass in all keep state
pass out all keep state
to completely open my firewall to test my performance.
Well, it didn't make a lick of difference. Still got
700K.
If I
Mike Jackson wrote:
Hi,
I have a 5.2.1 firewall box that also has a mailserver.
Goal:
- firewall can send and receive mail - rest of the world
- firewall can send and receive mail - internal LAN machines
- firewall blocks internal LAN machines from connecting to
external SMTP servers
Kevin D. Kinsey, DaleCo, S.P. ([EMAIL PROTECTED]) wrote:
So, you're using ipf or ipfilter, not
ipfw, as I take it from your syntax.
# ipfilter logging
ipmon_enable=yes
ipmon_flags=-D /var/log/ipflog
I imagine the ipfilter gurus on the
list would like to see your entire
ruleset.
I had to
Kevin D. Kinsey, DaleCo, S.P. ([EMAIL PROTECTED]) wrote:
have something to do with it. If the machine
is running NAT/divert whatever, it might
well be diverting before blocking? But I'm
wrong so often it's not very funny ... and
I use ipfw instead of ipf.
One last thing, I forgot to
--- Darryl Hoar [EMAIL PROTECTED] wrote:
Greetings,
I have used in the past http://www.schlacter.net/ as
a guide
to setting up my firewall. Does anyone have a
better,
more updated one, as the article referenced is for
freebsd
4.6, not the 5.x version.
thanks,
Darryl
On Tue, Mar 02, 2004 at 03:03:37AM -0700, RYAN vAN GINNEKEN wrote:
Contents of my rc.conf file are included below. This machine is
eventually going to be a server (sendmail bind apache samba ) for a
different network so lots of stuff is commented out. I am new at running
more than on BSD
Thank you for your reply
Here is my kernel config file well just the options i added do you need
more of it?
which samples are you referring to and how come I never had problems like
this before??
options IPFIREWALL
options IPFIREWALL_VERBOSE
options
On Tue, Mar 02, 2004 at 03:23:24AM -0700, RYAN vAN GINNEKEN wrote:
Thank you for your reply
Here is my kernel config file well just the options i added do you need
more of it?
which samples are you referring to and how come I never had problems like
this before??
Compare to GENERIC or LINT
On Fri, 27 Feb 2004, Shaun T. Erickson wrote:
I looked at that. That's not what I mean. :) I mean, if I do not have to
build a new kernel to enable firewalling, logging and divert,
I've always done this with a kernel build. There may be a way to do the
latter two through loadable modules, but
On Sat, 28 Feb 2004 3:47 am, Derrick Ryalls wrote:
I have a port redirect, public port 5001 to an internal machine
port 3389, for Remote Desktop that works well in natd as long as I
don't fire up my custom firewall:
0005023427286 divert 8668 ip from any to any via sis0
00100 24
kldstat is the program you are looking for (like lsmod)
It can indeed be that the module is loaded with its default
settings {block all}
Hope this solves your lsmod question, the rest i cannot help you
with since i don't understand ipfw :) {yet}
cheers
--
Kind regards,
Remko Lodder
Remko Lodder wrote:
kldstat is the program you are looking for (like lsmod)
It can indeed be that the module is loaded with its default
settings {block all}
Hope this solves your lsmod question, the rest i cannot help you
with since i don't understand ipfw :) {yet}
Thanks! Yes, the ipfw.ko
On Fri, 27 Feb 2004, Shaun T. Erickson wrote:
Thanks! Yes, the ipfw.ko module is getting loaded. So now I just need to
know how to enable things like divert and logging.
/etc/rc.firewall has examples.
-Warren Block * Rapid City, South Dakota USA
___
Warren Block wrote:
On Fri, 27 Feb 2004, Shaun T. Erickson wrote:
Thanks! Yes, the ipfw.ko module is getting loaded. So now I just need to
know how to enable things like divert and logging.
/etc/rc.firewall has examples.
I looked at that. That's not what I mean. :) I mean, if I do not have to
On Fri, 27 Feb 2004 15:43:16 -0500
Shaun T. Erickson [EMAIL PROTECTED] wrote:
Warren Block wrote:
On Fri, 27 Feb 2004, Shaun T. Erickson wrote:
Thanks! Yes, the ipfw.ko module is getting loaded. So now I just
need to know how to enable things like divert and logging.
Ion-Mihai Tetcu wrote:
hint:
sysctl -a | grep ip.fw
for logging do:
sysctl -w net.inet.ip.fw.verbose=1
sysctl -w net.inet.ip.fw.verbose_limit=5
Ah.
see also man ipfw, it will answer your questions.
I'm still wading through it - it's quite a long read. I'll finish before
asking anything else.
On Fri, 27 Feb 2004 16:14:26 -0500
Shaun T. Erickson [EMAIL PROTECTED] wrote:
Ion-Mihai Tetcu wrote:
hint:
sysctl -a | grep ip.fw
for logging do:
sysctl -w net.inet.ip.fw.verbose=1
sysctl -w net.inet.ip.fw.verbose_limit=5
Ah.
see also man ipfw, it will answer your
Hello
Here are my ftp rules:
[snip
# FTP
ipfw add allow tcp from any to any 20 keep-state
ipfw add allow tcp from any to any 21 keep-state
ipfw add allow tcp from any 20 to me 1024-49151 keep-state # active FTP
ipfw add allow tcp from any 20 to 192.168.1.1/24 1024-49151 keep-state
ipfw add
It would help if you posted your ipfw rules file so people can review
them to look for your problem.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Martin
Schweizer
Sent: Friday, February 13, 2004 2:07 AM
To: [EMAIL PROTECTED]
Subject: Firewall rules for ftp
The cvsup process uses port 5999
add this rule to
# Allow out FBSD (make install CVSUP) functions
# Basically give user root GOD privileges.
allow tcp from me to any out via $pif setup keep-state uid root
$pif = interface facing the public internet
-Original Message-
From:
Hi Dan,
Hello, i am trying to make my webserver accessible to the net, i tried
to run the out of the box rc.firewall, but there was some
default rules
which blocked the 192.168.0 network which is my local lan
lol, so killed
it instead of helped it, anyway i tried setting it to open, but
Hi,
For example if you are using client mode then go to client section for
firewall configuration you will see mynetwork and subnet section check you
wrote everything is correct.
If you have two different networks then add some variables like in example
of rc.conf which include 192.168.0.0
Xpression wrote:
Hi list, I've two servers running some services, now I want
to firewall both them, do I need to build it on router or in
the FreeBSD box...thanks.
What's your network look like?
If each box has a publicly routable IP address,
I'd definitely put the firewall on each of them.
On Wed, 31 Dec 2003, Xpression wrote:
Hi list, I've two servers running some services, now I want
to firewall both them, do I need to build it on router or in
the FreeBSD box...thanks.
That is totally up to you.
If you plan to do it on one of your FreeBSD machines I believe you will
need to
On Wed, 31 Dec 2003 09:59:10 -0500
Xpression [EMAIL PROTECTED] wrote:
Hi list, I've two servers running some services, now I want
to firewall both them, do I need to build it on router or in
the FreeBSD box...thanks.
___
[EMAIL PROTECTED]
On Thu, Nov 20, 2003 at 04:19:09PM -0800, Chip wrote:
Alex de Kruijff wrote:
On Wed, Nov 19, 2003 at 09:38:34PM -0800, Chip wrote:
I noticed my firewall rules are not being read. I have rc.conf set to
read the file rc.firewall. In rc.firewall the first line is add divert
natd etc
- Original Message -
From: Alex de Kruijff [EMAIL PROTECTED]
To: Chip [EMAIL PROTECTED]
Cc: FreeBSD Questions List [EMAIL PROTECTED]
Sent: Friday, November 21, 2003 1:24 PM
Subject: Re: firewall rules do not get read
On Thu, Nov 20, 2003 at 04:19:09PM -0800, Chip wrote:
Alex de
On Wed, Nov 19, 2003 at 09:38:34PM -0800, Chip typed:
I noticed my firewall rules are not being read. I have rc.conf set to
read the file rc.firewall. In rc.firewall the first line is add divert
natd etc etc. that is followed by pass all from any to any etc etc. Then
nothing after that is
On Wed, Nov 19, 2003 at 09:38:34PM -0800, Chip wrote:
I noticed my firewall rules are not being read. I have rc.conf set to
read the file rc.firewall. In rc.firewall the first line is add divert
natd etc etc. that is followed by pass all from any to any etc etc. Then
nothing after that is
Alex de Kruijff wrote:
On Wed, Nov 19, 2003 at 09:38:34PM -0800, Chip wrote:
I noticed my firewall rules are not being read. I have rc.conf set to
read the file rc.firewall. In rc.firewall the first line is add divert
natd etc etc. that is followed by pass all from any to any etc etc. Then
On Sat, Nov 08, 2003 at 01:00:06PM -0800, Jason C. Wells wrote:
If one of my clients makes a DNS query for a hostname that is not cached,
my firewall subsequently makes a flurry of PTR queries. I am at a loss to
explain why.
For example:
XX+/192.168.1.13/202.1.168.192.in-addr.arpa/PTR/IN
How does one get started on IPF...
By reading the IPFilter Howto:
http://www.obfuscation.org/ipf/ipf-howto.html
Enjoy :-)
--
Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/
* I take my wife everywhere, but she keeps finding her way back.
DM == Dmitry Mishchenko [EMAIL PROTECTED] writes:
DM - second card has another real IP (lets say 65.1.1.2) and connected to
DM Quintum VoIP box.
Personally, I would *never* put my quintum on a public IP even with a
firewall in front of it i run mine inside a NAT'd LAN, and let
remote sites
www.kgb.ro/Ipfw-HOWTO
HTH,
petre
On Wednesday 22 October 2003 18:05 Anno Domini, fbsd_user wrote using one of
his keyboards:
The FBSD handbook gives the idea that IPFW is the only firewall.
FBSD also comes with ipfilter which is much easier to use and
setup. Google the questions archives
Do a quick google search on building freebsd firewall. I was building
a FreeBSD firewall this week, and several of these sites were very
helpful. There are sites for both ipfilter and ipfw. So, take your
pick. I'm using ipfilter, but either firewall method will be sufficient
for most
The FBSD handbook gives the idea that IPFW is the only firewall.
FBSD also comes with ipfilter which is much easier to use and
setup. Google the questions archives for loads of info about
configuring ipfilter. You will be glad you did.
-Original Message-
From: [EMAIL PROTECTED]
On Wed, Oct 01, 2003 at 01:18:17PM -0500, Gary wrote:
I have set my firewall to
firewall_type=open
firewall_enable=YES
and when I want to drop a specific IP, I enter it manually, it accepts it,
but it does not drop the packets..
I am getting a lot of virus activity on my SMTP port 25.