At 07:18 PM 5/30/2012, Robert Bonomi wrote:
From jbiq...@intranet.com.mx Wed May 30 13:48:05 2012
Date: Wed, 30 May 2012 13:47:34 -0500
To: Robert Bonomi bon...@mail.r-bonomi.com
From: Jorge Biquez jbiq...@intranet.com.mx
Subject: Re: Firewall, blocking POP3
Cc: freebsd-questions
From owner-freebsd-questi...@freebsd.org Wed May 30 13:16:37 2012
Date: Wed, 30 May 2012 13:08:30 -0500
To: freebsd-questions@freebsd.org
From: Jorge Biquez jbiq...@intranet.com.mx
Cc:
Subject: Firewall, blocking POP3
Hello all.
I am sorry if the question is too basic.
I have a
Hello.
Thanks a lot!. Simple an elegant solution.
I just did that and of course it worked I just was wondering...
what if I need to have the service working BUT want to block those
break attemps? IN this and other services. ?
My guess is that it is a never ending process? I mean, block
See /usr/ports/security/py-fail2ban (http://www.fail2ban.org/). Used
in conjunction with FreeBSD's ipfw or pf firewall facility, you can
ban an attacking IP address for a set period of time after a
configurable amount of failed attempts. Fail2ban watches your log
files for you and then triggers
From jbiq...@intranet.com.mx Wed May 30 13:48:05 2012
Date: Wed, 30 May 2012 13:47:34 -0500
To: Robert Bonomi bon...@mail.r-bonomi.com
From: Jorge Biquez jbiq...@intranet.com.mx
Subject: Re: Firewall, blocking POP3
Cc: freebsd-questions@freebsd.org
Hello.
Thanks a lot!. Simple
Olivier Nicole wrote:
I need to implement a firewall with bridged interfaces that offers
captive portal (authentication before opening the traffic).
We are using a combination of squid+ipfw. Although we are NATing the
users, that really just introduces needless complexity that could be
Olivier Nicole wrote:
I need to implement a firewall with bridged interfaces that offers
captive portal (authentication before opening the traffic).
[...]
Is there any solution that exists?
I looked at pfSense, but captive portal does not work on bridged
interfaces; it's one or the other.
Hi Chris,
I need to implement a firewall with bridged interfaces that offers
captive portal (authentication before opening the traffic).
We are using a combination of squid+ipfw. Although we are NATing the
users, that really just introduces needless complexity that could be
avoided with
Olivier Nicole wrote:
Hi Chris,
I need to implement a firewall with bridged interfaces that offers
captive portal (authentication before opening the traffic).
We are using a combination of squid+ipfw. Although we are NATing the
users, that really just introduces needless complexity that could
On Thu, 27 Nov 2008 12:07:50 +0100 (CET)
Wojciech Puchar [EMAIL PROTECTED] wrote:
Yeah. Limewire is written in Java (iirc), which makes it extremely
easy to port it to any system that can run java.
for P2P sharing rtorrent (/usr/ports/net-p2p/rtorrent) works excellent
if you only want
On Wed, 26 Nov 2008 23:25:21 -0600
Andrew Gould [EMAIL PROTECTED] wrote:
The Limewire website says it has versions for Windows, Mac OS X, Linux and
others, including OS/2 and Solaris.
furthermore, you can just download the source and make it run from within
Eclipse (with some tweaks regarding
because historically ISPs used those ports for throttling.
+1 . skype does the same thing. and it's p2p too , although a lot less so
than limewire.
well ther are excellent method to block skype when using HTTP proxy not
NAT ;) (skype can do through proxy)
Yeah. Limewire is written in Java (iirc), which makes it extremely
easy to port it to any system that can run java.
for P2P sharing rtorrent (/usr/ports/net-p2p/rtorrent) works excellent
___
freebsd-questions@freebsd.org mailing list
Fbsd1 [EMAIL PROTECTED] escribió:
These applications have predefined ports they use to start up the
bi-directional packet conversation. But them unsolicited packeted
come in from other pc nodes to share data using a wide range of high
port numbers. IPFW, IPF, and PF don't seem to have a
On Wed, 26 Nov 2008 21:40:27 +0800
Fbsd1 [EMAIL PROTECTED] wrote:
I have inclusive firewall rule set which means only packets matching
the rules are passed through. The inbound hight port numbers are
blocked by design.
How do other firewall users code rules to allow limewire to work?
I
On Wed, Nov 26, 2008 at 8:13 AM, [EMAIL PROTECTED] wrote:
Hmmm. Isn't life interesting. I would like to know how to block them and
others without causing strange secondary problems.
Actually a default pf configuration will let them pass unless I'm
forgetting something important.
ed
I
Andrew Gould [EMAIL PROTECTED] escribió:
On Wed, Nov 26, 2008 at 8:13 AM, [EMAIL PROTECTED] wrote:
Hmmm. Isn't life interesting. I would like to know how to block them and
others without causing strange secondary problems.
Actually a default pf configuration will let them pass unless I'm
sorry for asking but what are this limewire programs are?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
On Wed, Nov 26, 2008 at 10:42 AM, Wojciech Puchar
[EMAIL PROTECTED] wrote:
sorry for asking but what are this limewire programs are?
My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and Linux users to share files,
usually music, often
[EMAIL PROTECTED] writes:
Andrew Gould [EMAIL PROTECTED] escribió:
On Wed, Nov 26, 2008 at 8:13 AM, [EMAIL PROTECTED] wrote:
Hmmm. Isn't life interesting. I would like to know how to block them and
others without causing strange secondary problems.
Actually a default pf configuration
On Wed, 26 Nov 2008 10:54:43 -0600
Andrew Gould [EMAIL PROTECTED] wrote:
On Wed, Nov 26, 2008 at 10:42 AM, Wojciech Puchar
[EMAIL PROTECTED] wrote:
sorry for asking but what are this limewire programs are?
My unofficial take on it is that limewire is a peer-to-peer sharing
On Wed, 26 Nov 2008 10:54:43 -0600
Andrew Gould [EMAIL PROTECTED] wrote:
On Wed, Nov 26, 2008 at 10:42 AM, Wojciech Puchar
[EMAIL PROTECTED] wrote:
sorry for asking but what are this limewire programs are?
My unofficial take on it is that limewire is a peer-to-peer sharing
dick hoogendijk wrote:
I know, I'm cynical here, but limewire is not all bad!
...and, BTW, Limewire port is readily available for FreeBSD:
http://cvsweb.freebsd.org/ports/net-p2p/limewire
LimeWire is a fast, easy-to-use file sharing program that contains no
spyware, adware or other
My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and Linux users to share files,
usually music, often copyrighted, over the internet. It is one of the
fastest, most effective ways to spread viruses, trojans, spyware, etc.
that's my
When people ask my advice about computers, I always include: Never use
Limewire, or anything like it.
just downloading/sharing files allows you to download viruses, but it's
up to you to run them.
well unless P2P program is really broken, or you are sharing executables.
for sharing movies,
dick hoogendijk wrote:
My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and Linux users to share files,
usually music, often copyrighted, over the internet. It is one of the
fastest, most effective ways to spread viruses, trojans,
On Wed, 26 Nov 2008 09:28:49 -0600
Andrew Gould [EMAIL PROTECTED] wrote:
When the last culprit get's his computer back, he
will find it running an operating system that is not supported by Limewire.
DOS 6.0 ? :P it's java...
The next time, he'll get it back without a network card.
ouch,
On Wed, 26 Nov 2008 18:52:16 +
RW [EMAIL PROTECTED] wrote:
[..]
It is one of the
fastest, most effective ways to spread viruses, trojans, spyware, etc.
The program does not use fixed ports, so the services are hard to
block. In essence, the program gets the user to bypass
Fbsd1 wrote:
[snip]
Limewire is a windows only application.
So how can you say it runs on solaris which is a flavor Unix?
Limewire is a Java program. It will run on any platform which has a
working Java run time environment installed. It is definitely not
Windows only.
-Jason
On Wed, 26 Nov 2008 21:40:27 +0800
Fbsd1 [EMAIL PROTECTED] wrote:
I have inclusive firewall rule set which means only packets matching
the rules are passed through. The inbound hight port numbers are
blocked by design.
How do other firewall users code rules to allow limewire to work?
Hi,
i
On Wed, Nov 26, 2008 at 6:40 PM, Fbsd1 [EMAIL PROTECTED] wrote:
dick hoogendijk wrote:
My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and Linux users to share files,
usually music, often copyrighted, over the internet. It is one
On Thu, Nov 27, 2008 at 12:25 AM, Andrew Gould
[EMAIL PROTECTED] wrote:
On Wed, Nov 26, 2008 at 6:40 PM, Fbsd1 [EMAIL PROTECTED] wrote:
dick hoogendijk wrote:
My unofficial take on it is that limewire is a peer-to-peer sharing
application used by Windows, Mac OS X and Linux users to share
On Behalf Of RW
I don't normally do this as Watson is usually less impressed when
Holmes reveals his working, but the clues were there. He wrote:
install software with ports (i.e, the
/usr/ports collection.)
and
FTP to grab source files from mirrors
If you combine that
On Fri, Oct 10, 2008 at 12:45:04PM -0400, John Almberg wrote:
I just set up a new server with a very restricted PF configuration. One
problem: I can no longer install software with ports (i.e, the /
usr/ports collection.) I have to disable PF to do so. Obviously not a
great solution.
Am
On Fri, 10 Oct 2008 09:51:16 -0700
Jeremy Chadwick [EMAIL PROTECTED] wrote:
On Fri, Oct 10, 2008 at 12:45:04PM -0400, John Almberg wrote:
I just set up a new server with a very restricted PF configuration.
One problem: I can no longer install software with ports (i.e,
the / usr/ports
On Fri, Oct 10, 2008 at 06:54:32PM +0100, RW wrote:
On Fri, 10 Oct 2008 09:51:16 -0700
Jeremy Chadwick [EMAIL PROTECTED] wrote:
On Fri, Oct 10, 2008 at 12:45:04PM -0400, John Almberg wrote:
I just set up a new server with a very restricted PF configuration.
One problem: I can no longer
problem: I can no longer install software with ports (i.e, the /usr/ports
collection.) I have to disable PF to do so. Obviously not a great solution.
Am I correct in guessing that ports uses FTP to grab source files from
FTP or HTTP.
if you have http proxy like squid in your network do
On Fri, 10 Oct 2008 11:41:40 -0700
Jeremy Chadwick [EMAIL PROTECTED] wrote:
On Fri, Oct 10, 2008 at 06:54:32PM +0100, RW wrote:
On Fri, 10 Oct 2008 09:51:16 -0700
Jeremy Chadwick [EMAIL PROTECTED] wrote:
passive ftp has been the default for long time, fetch is called
with the -p option.
sh/bash: export FTP_PASSIVE_MODE=true
csh: setenv FTP_PASSIVE_MODE true
First off, this did solve the problem. Thank you, Jeremy.
Now, as to the why...
That's odd, because if you are running 7.x with a default settings,
FTP_PASSIVE_MODE should be irrelevant to fetching distfiles - even
Woj, another of the few joys of -digests: two birds with one stone:
is there a way to check on running system how much CPU time is used to
perform firewalling/traffic manager - be it pf or ipfw?
Sure, compare ping times / traffic throughput with firewall turned off
and on? I recall that a
is there a way to check on running system how much CPU time is used to
perform firewalling/traffic manager - be it pf or ipfw?
Sure, compare ping times / traffic throughput with firewall turned off
and on?
this will not measure CPU load but delays. delays are unnoticable and
doesn't look
Chad Perrin wrote:
My preferred firewall these days, for general use, is pf. I seem to
recall someone who has used it in high-load scenarios that it can kinda
choke at high loads, though I don't recall whether that was due to pf
itself or the fact he was running it on OpenBSD. Until now, this
Matthew Seaman wrote:
pf will perform very well. I don't know if anyone has benchmarked it
against ipfw, but I suspect that any difference in performance is pretty
minimal. If you're just doing packet filtering and using a fairly run of
the mill modern machine, you should be able to keep up
My preferred firewall these days, for general use, is pf. I seem to
recall someone who has used it in high-load scenarios that it can kinda
choke at high loads, though I don't recall whether that was due to pf
itself or the fact he was running it on OpenBSD. Until now, this has not
been a
Actually, I tracked down the guy who had originally given a poor review
of pf performance, and it turns out that the missing part of his review
was related to use of dummynet for bandwidth management. Since I'm not
planning to use dummynet for bandwidth management, that's not really a
factor we
High load may or may not be a problem depending on your traffic patterns.
I've seen pf firewalls suffer by running out of state-table space in
situations where there are a lot of fairly short-lived but low volume
network connections. The default is 10,000 states. If your firewall machine
is
Lucas Neves Martins wrote:
422 ipfw add 950 divert 8082 tcp from any to any 80 via em0
Hi!
I do something similar, except with a small home-grown server used to
serve 'You are banned' pages to people who insist on driving my poor
little webserver into swap.
The directive you're looking for
On Nov 30, 2007 5:59 AM, Lucas Neves Martins [EMAIL PROTECTED] wrote:
Hello guys,
I´m having the following problem:
Redirect requests from the port 80, to the port 8082. - for apache tomcat.
I´m new on freeBSD, Of course, I had looked out on google, and read the
firewall section on the
On 11/30/07, Lucas Neves Martins [EMAIL PROTECTED] wrote:
Hello guys,
I´m having the following problem:
Redirect requests from the port 80, to the port 8082. - for apache tomcat.
I´m new on freeBSD, Of course, I had looked out on google, and read the
firewall section on the Handbook.
But
Lucas Neves Martins wrote:
Redirect requests from the port 80, to the port 8082. - for apache tomcat.
[[snip]]
422 ipfw add 950 divert 8082 tcp from any to any 80 via em0
425 ipfw add 950 divert 8082 tcp from any to any 80 via em0
428 ipfw add 950 divert 80 tcp from any to any 8082
Rodrigo Moura Bittencourt [EMAIL PROTECTED] wrote:
Prazado Bill Moran,
Take a bit of advice -- wildly CCing dozens of people is just going to piss
people off and cause them to start ignoring you. You'll get much more
helpful results if you take the time to understand who you need to be
Rodrigo Moura Bittencourt [EMAIL PROTECTED] wrote:
Dear Gentlemen,
We INPE / CPTEC an institution of meteorology government of Brazil, we
are having trouble accessing the servers of FreeBSD, we believe that
your firewall is blocking our access.
While this is possible, I find it unlikely.
I've made a /etc/rc.firewall.local I may rename it in the future
to stand out more, but we'll see how it goes for now.
Neat. Have fun with the new firewall ruleset then.
Thanks. I wish it wasn't necessary, but the server runs MySQL
and if I turn TCPwrappers on, someone just
On 2007-08-02 14:49, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Giorgos Keramidas wrote:
On 2007-08-02 12:36, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Hi,
I'm developing firewall rules for a machine, and I'm wondering what
the standard is for putting my version of an ipfw firewall_script?
On Thu, 2 Aug 2007 12:36:51 -0400 (EDT)
Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Hi,
I'm developing firewall rules for a machine, and I'm wondering
what the standard is for putting my version of an ipfw
firewall_script?
I'd normally drop it onto /usr/local/etc somewhere,
On Thu, Aug 02, 2007 at 10:04:20AM -0400, [EMAIL PROTECTED] wrote:
It might not be as challenging as rolling your own... but have you
considered using one of the ready-to-install BSD firewall/router
packages like m0n0wall ? http://m0n0.ch/wall/
I have thinked about it. I have tried monowall
On 2007-08-02 12:36, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Hi,
I'm developing firewall rules for a machine, and I'm wondering what
the standard is for putting my version of an ipfw firewall_script?
I usually save my rules in '/etc/pf.conf' or '/etc/ipfw.rules'.
It's not like the '/etc'
On 2007-08-02 12:36, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Hi,
I'm developing firewall rules for a machine, and I'm wondering what
the standard is for putting my version of an ipfw firewall_script?
I usually save my rules in '/etc/pf.conf' or '/etc/ipfw.rules'.
It's not like
Hèrvé Simplice van der Eijk wrote:
on 1 machine I set up a freebsd 5.4 server with dhcp, dns, ldap
running on it.
on an other machine I set up apachy webserver and both are working fine.
when I'm making an http request on a windows client (internet explore)
it shows my web site.
but
Hèrvé Simplice van der Eijk wrote:
on 1 machine I set up a freebsd 5.4 server with dhcp, dns, ldap
running on it.
on an other machine I set up apachy webserver and both are working fine.
when I'm making an http request on a windows client (internet explore)
it shows my web site.
but
On 09/21/2006 16:13, Robert C Wittig wrote:
Hèrvé Simplice van der Eijk wrote:
on 1 machine I set up a freebsd 5.4 server with dhcp, dns, ldap
running on it.
on an other machine I set up apachy webserver and both are working fine.
when I'm making an http request on a windows client
Hèrvé Simplice van der Eijk wrote:
on 1 machine I set up a freebsd 5.4 server with dhcp, dns, ldap running on
it.
on an other machine I set up apachy webserver and both are working fine.
when I'm making an http request on a windows client (internet explore) it
shows my web site.
but
Mark Moellering wrote:
I am attempting to add a wireless capabilities to an existing network /
firewall structure. I added a wireless NIC card to the firewall (Netgear
WPN311) and followed the wireless instructions. I also added a similar card
to an existing computer (Netgear WG311T).
The
Dennis,
Thanks so much for your help. Here is the ifconfig -v and netstat (a
variety) from both the client and firewall.
Both the client and the firewall have an ath0 (192.168.2.1 for
firewall,
192.168.2.5 for the client) and a bge0 (192.168.1.1 for firewall, 192.168.1.2
This may be a wild shot in the dark.
Netgear WPN311 WG311T are both CLIENT RangeMax Wireless PCI
Adapter cards.
Looks to me like you are missing hardware needed to make your wanted
wireless network to work.
On your wired LAN you cable a Nic card in your gateway box to
a hub/router/switch through
net.link.ether.bridge.enable=1
net.link.ether.bridge.config=bge0, ath0
Let's have a look at ifconfig and netstat -r. Whats with this bridge?
Think you'd be better off without it.
___
freebsd-questions@freebsd.org mailing list
On Thursday 18 May 2006 14:48, Chad Leigh -- Shire.Net LLC wrote:
On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote:
On 2006-05-18 11:03, bc [EMAIL PROTECTED] wrote:
I want to run 6.1_RELEASE with Packet Filter(PF) configured as
a gateway using 2 identical 10/100 nics, on an old 450mhz
I have a Pentium III 600Mhz 720MB Ram running FreeBSD 4.10 with
IPFW+Nat+Squid+Qmail with Clamav+dnscache, routing 4 internal networks
(around 500 users), 3x 2Mbit/s links and a 1Mb internet link. Everything
works perfect !!
I will change the machine by the same problem that Josh said.
Regards,
On 2006-05-18 11:03, bc [EMAIL PROTECTED] wrote:
I want to run 6.1_RELEASE with Packet Filter(PF) configured as
a gateway using 2 identical 10/100 nics, on an old 450mhz
pentium with 256 meg ram and an 8 gig HD.
In general, should I expect any speed performance issues with
internet access
On May 18, 2006, at 12:39 PM, Giorgos Keramidas wrote:
On 2006-05-18 11:03, bc [EMAIL PROTECTED] wrote:
I want to run 6.1_RELEASE with Packet Filter(PF) configured as
a gateway using 2 identical 10/100 nics, on an old 450mhz
pentium with 256 meg ram and an 8 gig HD.
In general, should I
On 2006-04-06 21:04, ilyana ramlan [EMAIL PROTECTED] wrote:
hello,
i have another question,
Do i have to install IPTable before configuring
hosts.allow file?
There is no such thing as IPTable on FreeBSD.
___
freebsd-questions@freebsd.org mailing
You need to read the firewall section of the freebsd handbook.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.
html
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of ilyana
ramlan
Sent: Friday, April 07, 2006 12:04 AM
To:
ilyana ramlan wrote:
hello,
i have another question,
Do i have to install IPTable before configuring
hosts.allow file?
thanks
No; TCP wrappers are independent of your firewall.
Also, and I'm ready to stand corrected, but iptable
isn't a part of FreeBSD, and aren't even ported AFAIK.
Rodrigo G. Tavares de Souza wrote:
Hi,
I was configuring the Firewall when I got this message:
Mar 20 11:16:08 bsd-net kernel: ipfw: limit 100 reached on entry 835
And the firewall stoped to create log messages after this message.
What I do need to do to IPFW do not stop writing the
On 20/3/06 14:57, Rodrigo G. Tavares de Souza
[EMAIL PROTECTED] wrote:
Hi,
I was configuring the Firewall when I got this message:
Mar 20 11:16:08 bsd-net kernel: ipfw: limit 100 reached on entry 835
And the firewall stoped to create log messages after this message.
What I
Brian Bobowski wrote:
Norberto Meijome wrote:
Brian Bobowski wrote:
I'm poking at that now, yes. I had difficulty getting it to work with
virtual hosts... but I can at least reference it by the private-side IP
address and get places.
assuming you are using Apache, you can use * for
Brian Bobowski wrote:
All right. I've got my firewall up and running, and my workstation can
get almost anywhere it needs to just fine.
you dont' say if you are using ipfw, ipf , pf
I can access it by directly referencing the private-interface IP, but if
my workstation tries to get to
Norberto Meijome wrote:
Brian Bobowski wrote:
All right. I've got my firewall up and running, and my workstation can
get almost anywhere it needs to just fine.
you dont' say if you are using ipfw, ipf , pf
Sure I do. IPFW; mentioned lower down.
I can access it by directly
Brian Bobowski wrote:
Norberto Meijome wrote:
Brian Bobowski wrote:
All right. I've got my firewall up and running, and my workstation can
get almost anywhere it needs to just fine.
you dont' say if you are using ipfw, ipf , pf
Sure I do. IPFW; mentioned lower down.
sorry
Norberto Meijome wrote:
Brian Bobowski wrote:
I'm poking at that now, yes. I had difficulty getting it to work with
virtual hosts... but I can at least reference it by the private-side IP
address and get places.
assuming you are using Apache, you can use * for Ip address and let it
On Oct 29, 2005, at 10:32 PM, Daniel Molina Wegener wrote:
Hello,
How can I add firewall log messages to syslogd, I have
added the following lines to the syslog.conf:
# router
+router
*.* /var/log/router.log
Also, syslogd is running with the flag -a with the ip
On Sun, Oct 30, 2005 at 09:22:39AM -0600,
Eric F Crist wrote:
On Oct 29, 2005, at 10:32 PM, Daniel Molina Wegener wrote:
Hello,
How can I add firewall log messages to syslogd, I have
added the following lines to the syslog.conf:
# router
+router
*.*
--On Wednesday, September 21, 2005 21:05:36 +0200 Kiffin Gish
[EMAIL PROTECTED] wrote:
I have installed FreeBSD 5.4 on my Dell Inspiron 8200 using WiFi to
access the Internet.
My question is what are the pros and cons of running a firewall on my
client, e.g. is it really necessary.
I mean
On Wed, 21 Sep 2005 21:05:36 +0200
Kiffin Gish [EMAIL PROTECTED] wrote:
I have installed FreeBSD 5.4 on my Dell Inspiron 8200 using WiFi to
access the Internet.
My question is what are the pros and cons of running a firewall on my
client, e.g. is it really necessary.
I mean it's not
On Wed, 2005-09-21 at 19:20 +, Marcin Jessa wrote:
On Wed, 21 Sep 2005 21:05:36 +0200
Kiffin Gish [EMAIL PROTECTED] wrote:
I have installed FreeBSD 5.4 on my Dell Inspiron 8200 using WiFi to
access the Internet.
My question is what are the pros and cons of running a firewall on
On Wed, Sep 21, 2005 at 09:05:36PM +0200, Kiffin Gish wrote:
I have installed FreeBSD 5.4 on my Dell Inspiron 8200 using WiFi to
access the Internet.
My question is what are the pros and cons of running a firewall on my
client, e.g. is it really necessary.
A pro would be that a firewall
On 8/30/05, Ionut Anghel [EMAIL PROTECTED] wrote:
Hi,
I'm trying to setup a Firewall/NAT/Traffic Shapper server using FreeBSD 5.3
I install all the packages, including kernel sources...everything's ok.
Then I activate ipnat and natd in rc.conf and all the clients behind the
router can
--On June 26, 2005 12:40:14 AM +0100 Alex Zbyslaw [EMAIL PROTECTED]
wrote:
Paul Schmehl wrote:
--On June 25, 2005 8:42:24 AM +0200 mess-mate [EMAIL PROTECTED] wrote:
I've a firewall/router/proxy with openbsd and think to replace it
with freebsd 5.4
Do you mean freebsd's PF don't support
* Paul Schmehl [EMAIL PROTECTED] [2005-06-24 12:58:51 -0500]:
I've been using pf for a few years now, and I've never had problems
understanding the syntax or how it works (but I also never do NAT, so
that might be the reason it seems easy to me.)
Yes, pf is great, but doing NAT with pf is also
Giorgos Keramidas wrote:
On 2005-06-26 00:40, Alex Zbyslaw [EMAIL PROTECTED] wrote:
Paul Schmehl wrote:
pf on freebsd does support the quick keyword. The default
firewall, ipfw, does not.
This makes no sense to me. The two firewalls work very differently.
[...]
You
On 2005-06-26 22:15, Alex Zbyslaw [EMAIL PROTECTED] wrote:
Giorgos Keramidas wrote:
On 2005-06-26 00:40, Alex Zbyslaw [EMAIL PROTECTED] wrote:
pf on freebsd does support the quick keyword. The default
firewall, ipfw, does not.
This makes no sense to me. The two firewalls work very
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Khanh Cao
Van
Sent: Friday, June 24, 2005 9:33 AM
To: freebsd-questions
Subject: firewall on freebsd
I'm going to learn about the freebsd firewall . In the handbook list
some of them and I could not
...snip...
|
| Personally, I like the quick keyword of the OpenBSD firewall, (but not
enough to bother
| installing it.)
|
| Paul Schmehl ([EMAIL PROTECTED])
I've a firewall/router/proxy with openbsd and think to replace it
with freebsd 5.4
Do you mean freebsd's PF don't support the 'quick'
On Sat, Jun 25, 2005 at 08:42:24AM +0200, mess-mate wrote:
I've a firewall/router/proxy with openbsd and think to replace it
with freebsd 5.4
Do you mean freebsd's PF don't support the 'quick' keyword ??
Thought PF on freebsd and openbsd was identical, isn't ?
I don't know if they're
mess-mate wrote:
I've a firewall/router/proxy with openbsd and think to replace it
with freebsd 5.4
Do you mean freebsd's PF don't support the 'quick' keyword ??
Thought PF on freebsd and openbsd was identical, isn't ?
It's a port, pf on FBSD 5.4 is the same as pf on OBSD 3.6, AFAIK. So if
On Saturday 25 June 2005 05:19 am, Erik Nørgaard wrote:
mess-mate wrote:
I've a firewall/router/proxy with openbsd and think to replace it
with freebsd 5.4
Do you mean freebsd's PF don't support the 'quick' keyword ??
Thought PF on freebsd and openbsd was identical, isn't ?
It's a port,
Andrew L. Gould [EMAIL PROTECTED] wrote:
| On Saturday 25 June 2005 05:19 am, Erik Nørgaard wrote:
| mess-mate wrote:
| I've a firewall/router/proxy with openbsd and think to replace it
| with freebsd 5.4
| Do you mean freebsd's PF don't support the 'quick' keyword ??
| Thought PF on
--On June 25, 2005 8:42:24 AM +0200 mess-mate [EMAIL PROTECTED] wrote:
I've a firewall/router/proxy with openbsd and think to replace it
with freebsd 5.4
Do you mean freebsd's PF don't support the 'quick' keyword ??
Thought PF on freebsd and openbsd was identical, isn't ?
pf on freebsd does
Paul Schmehl wrote:
--On June 25, 2005 8:42:24 AM +0200 mess-mate [EMAIL PROTECTED] wrote:
I've a firewall/router/proxy with openbsd and think to replace it
with freebsd 5.4
Do you mean freebsd's PF don't support the 'quick' keyword ??
Thought PF on freebsd and openbsd was identical, isn't ?
On 2005-06-26 00:40, Alex Zbyslaw [EMAIL PROTECTED] wrote:
Paul Schmehl wrote:
pf on freebsd does support the quick keyword. The default
firewall, ipfw, does not.
This makes no sense to me. The two firewalls work very differently.
In pf, each rule is always processed on every packet and
1 - 100 of 259 matches
Mail list logo