[Moved from -hackers to -questions, Followup is set.]
jett tayer schrieb:
i want to protect my freebsd box from the outside.
anyone who can help? any sample configs about
ipfw or ipf. which do u guys prefer of the two?
my box is running:
named
apache
qmail
popper
You may use /stand/sysinstall during installation to enable a firewall
with open, medium, or secure policy. If you already installed FreeBSD,
have a look at /etc/defaults/rc.conf. It lists the following settings:
---snip---
firewall_enable="NO"# Set to YES to enable firewall
functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the
firewall
firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
firewall_logging="NO" # Set to YES to enable events logging
firewall_flags="" # Flags passed to ipfw when type is a
file
---/snip---
the above mentioned rc.firewall script lists
---snip---
# Define the firewall type in /etc/rc.conf. Valid values are:
# open - will allow anyone in
# client - will try to protect just this machine
# simple - will try to protect a whole network
# closed - totally disables IP services except via lo0 interface
# UNKNOWN - disables the loading of firewall rules.
# filename - will load the rules in the given filename (full path
required)
#
# For ``client'' and ``simple'' the entries below should be customized
# appropriately.
#
# If you don't know enough about packet filtering, we suggest that you
# take time to read this book:
#
# Building Internet Firewalls
# Brent Chapman and Elizabeth Zwicky
#
# O'Reilly Associates, Inc
# ISBN 1-56592-124-0
# http://www.ora.com/
---/snip---
client and simple are default firewalls. For everything else you'll need
to read the above mentioned book (~850p.) or to hire an expert, cause
there is no such thing than an universal firewall.
HTH
-Christoph Sold
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
