Re: Firewall questions
Only a little note about the comment: On FreeBSD you have a choice of IPFW, IPF, and PF. IPFW is FreeBSD only, IPF runs on many OSes (but not Linux), Since i have been reading the Ipfilter maillist, you can see that Ipfilter now runs on Linux too. This is only information. Greetings. On Mar 23, 2005 1:03 PM, Ean Kingston [EMAIL PROTECTED] wrote: I have been looking for a great firewall, something not too technical, since I have only been using FreeBSD for two months now. I have FreeBSD-4.8 installed, Apache-1.3, and Netqmail-1.05. I am also planning on running an NTP time server and possibly a forum in the future. The web site is expected to become a well-recognized site, so that complicates matters. More attention to the site means more attacks. If it's a firewall you might want to upgrade to the latest in the series you are using (4.11). There may be security holes in 4.8 by now. Also, I am looking for antiviral protection for both the FreeBSD server, and any Windows or Macintosh systems that may be using the POP mail. I know qmail has one solution, which was contributed by a qmail user, but what are the alternatives? There are very few anti-virus packages for FreeBSD. AFAIK there are no viruses that target FreeBSD. There are a few that target x86 hardware but these don't propagate over the 'net. Have a look at amavis (it's in the ports collection). I've never used it but it's been mentioned a number of times on various lists. Also, F-Prot (www.f-prot.com http://www.f-prot.com) provides an AV product for FreeBSD (NetBSD, and OpenBSD too). They even have a mail scanner product. I used the file scanner for a while but stopped the last time I upgraded the OS. Any suggestions as to what firewall would provide me with the best protection, while not being overly too complicated? For simplicity, get one of the Firewall Router devices and stick your FreeBSD system behind it. Most have a web interface to manage them. Just make sure you get the Firewall model and not the Router with NAT model. Unless you get lucky, the guy a Best Buy (or whereever) won't have a clue about the differences and will not be able to help even if he thinks he is helping. You need to do your research on this. On FreeBSD you have a choice of IPFW, IPF, and PF. IPFW is FreeBSD only, IPF runs on many OSes (but not Linux), and PF is a port of the OpenBSD firewall. All are included with the FreeBSD distribution but require a kernel recomple (it's explained in the handbook and isn't nearly as scary as it sounds). All are about a complicated to configure/manage. -- Ean Kingston E-Mail: ean_AT_hedron_DOT_org PGP KeyID: 1024D/CBC5D6BB URL: http://www.hedron.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Firewall questions
Only a little note about the comment: On FreeBSD you have a choice of IPFW, IPF, and PF. IPFW is FreeBSD only, IPF runs on many OSes (but not Linux), Since i have been reading the Ipfilter maillist, you can see that Ipfilter now runs on Linux too. This is only information. Greetings. Wow, I stand corrected. The last time I talked to Darren (years ago) he said IPFilter would never run on Linux. I guess the Linux folks fixed whatever was vexing him about their architecture. On Mar 23, 2005 1:03 PM, Ean Kingston [EMAIL PROTECTED] wrote: I have been looking for a great firewall, something not too technical, since I have only been using FreeBSD for two months now. I have FreeBSD-4.8 installed, Apache-1.3, and Netqmail-1.05. I am also planning on running an NTP time server and possibly a forum in the future. The web site is expected to become a well-recognized site, so that complicates matters. More attention to the site means more attacks. If it's a firewall you might want to upgrade to the latest in the series you are using (4.11). There may be security holes in 4.8 by now. Also, I am looking for antiviral protection for both the FreeBSD server, and any Windows or Macintosh systems that may be using the POP mail. I know qmail has one solution, which was contributed by a qmail user, but what are the alternatives? There are very few anti-virus packages for FreeBSD. AFAIK there are no viruses that target FreeBSD. There are a few that target x86 hardware but these don't propagate over the 'net. Have a look at amavis (it's in the ports collection). I've never used it but it's been mentioned a number of times on various lists. Also, F-Prot (www.f-prot.com http://www.f-prot.com) provides an AV product for FreeBSD (NetBSD, and OpenBSD too). They even have a mail scanner product. I used the file scanner for a while but stopped the last time I upgraded the OS. Any suggestions as to what firewall would provide me with the best protection, while not being overly too complicated? For simplicity, get one of the Firewall Router devices and stick your FreeBSD system behind it. Most have a web interface to manage them. Just make sure you get the Firewall model and not the Router with NAT model. Unless you get lucky, the guy a Best Buy (or whereever) won't have a clue about the differences and will not be able to help even if he thinks he is helping. You need to do your research on this. On FreeBSD you have a choice of IPFW, IPF, and PF. IPFW is FreeBSD only, IPF runs on many OSes (but not Linux), and PF is a port of the OpenBSD firewall. All are included with the FreeBSD distribution but require a kernel recomple (it's explained in the handbook and isn't nearly as scary as it sounds). All are about a complicated to configure/manage. -- Ean Kingston E-Mail: ean_AT_hedron_DOT_org PGP KeyID: 1024D/CBC5D6BB URL: http://www.hedron.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Ean Kingston E-Mail: ean_AT_hedron_DOT_org PGP KeyID: 1024D/CBC5D6BB URL: http://www.hedron.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Firewall questions
I have been looking for a great firewall, something not too technical, since I have only been using FreeBSD for two months now. I have FreeBSD-4.8 installed, Apache-1.3, and Netqmail-1.05. I am also planning on running an NTP time server and possibly a forum in the future. The web site is expected to become a well-recognized site, so that complicates matters. More attention to the site means more attacks. If it's a firewall you might want to upgrade to the latest in the series you are using (4.11). There may be security holes in 4.8 by now. Also, I am looking for antiviral protection for both the FreeBSD server, and any Windows or Macintosh systems that may be using the POP mail. I know qmail has one solution, which was contributed by a qmail user, but what are the alternatives? There are very few anti-virus packages for FreeBSD. AFAIK there are no viruses that target FreeBSD. There are a few that target x86 hardware but these don't propagate over the 'net. Have a look at amavis (it's in the ports collection). I've never used it but it's been mentioned a number of times on various lists. Also, F-Prot (www.f-prot.com) provides an AV product for FreeBSD (NetBSD, and OpenBSD too). They even have a mail scanner product. I used the file scanner for a while but stopped the last time I upgraded the OS. Any suggestions as to what firewall would provide me with the best protection, while not being overly too complicated? For simplicity, get one of the Firewall Router devices and stick your FreeBSD system behind it. Most have a web interface to manage them. Just make sure you get the Firewall model and not the Router with NAT model. Unless you get lucky, the guy a Best Buy (or whereever) won't have a clue about the differences and will not be able to help even if he thinks he is helping. You need to do your research on this. On FreeBSD you have a choice of IPFW, IPF, and PF. IPFW is FreeBSD only, IPF runs on many OSes (but not Linux), and PF is a port of the OpenBSD firewall. All are included with the FreeBSD distribution but require a kernel recomple (it's explained in the handbook and isn't nearly as scary as it sounds). All are about a complicated to configure/manage. -- Ean Kingston E-Mail: ean_AT_hedron_DOT_org PGP KeyID: 1024D/CBC5D6BB URL: http://www.hedron.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Firewall questions
Well, I suggest PF from openbsd ok, it's really simple, and it exist a good page on freebsd to learn how it works ok see ya Le Wed, Mar 23, 2005 at 03:47:10PM -0500, Shawn B a écrit: From: Shawn B [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Date: Wed, 23 Mar 2005 15:47:10 -0500 (EST) Subject: Firewall questions I have been looking for a great firewall, something not too technical, since I have only been using FreeBSD for two months now. I have FreeBSD-4.8 installed, Apache-1.3, and Netqmail-1.05. I am also planning on running an NTP time server and possibly a forum in the future. The web site is expected to become a well-recognized site, so that complicates matters. More attention to the site means more attacks. Also, I am looking for antiviral protection for both the FreeBSD server, and any Windows or Macintosh systems that may be using the POP mail. I know qmail has one solution, which was contributed by a qmail user, but what are the alternatives? Any suggestions as to what firewall would provide me with the best protection, while not being overly too complicated? All help is greatly appreciated. __ Post your free ad now! http://personals.yahoo.ca -- Vincent Bachelier [EMAIL PROTECTED] Language: Francais / English Societ(e/y) : Solintech - http://www.solintech.fr - Serveurs linux Citation (fortune): How long a minute is depends on which side of the bathroom door you're on. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Firewall questions
http://www.unixguide.net/freebsd/fbsd_installguide/index.php This install guide covers both of the 2 firewalls that come built in to FreeBSD for all 4.x release. Software firewalls are heads and shoulders above hardware firewalls which can not do stateful type of protection. I recommend ipfilter over ipfw as it so much easier to use and is supported be its own open source development team. Its been stable for a long time while ipfw is FreeBSD developed and has been rewritten between 4.8 and 5.3 Firewalls only protect your private network and not email content for various. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Shawn B Sent: Wednesday, March 23, 2005 3:47 PM To: freebsd-questions@freebsd.org Subject: Firewall questions I have been looking for a great firewall, something not too technical, since I have only been using FreeBSD for two months now. I have FreeBSD-4.8 installed, Apache-1.3, and Netqmail-1.05. I am also planning on running an NTP time server and possibly a forum in the future. The web site is expected to become a well-recognized site, so that complicates matters. More attention to the site means more attacks. Also, I am looking for antiviral protection for both the FreeBSD server, and any Windows or Macintosh systems that may be using the POP mail. I know qmail has one solution, which was contributed by a qmail user, but what are the alternatives? Any suggestions as to what firewall would provide me with the best protection, while not being overly too complicated? All help is greatly appreciated. __ Post your free ad now! http://personals.yahoo.ca ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Firewall questions
http://www.unixguide.net/freebsd/fbsd_installguide/index.php This install guide covers both of the 2 firewalls that come built in to FreeBSD for all 4.x release. Software firewalls are heads and shoulders above hardware firewalls which can not do stateful type of protection. You might want to check your sources again. My Linksys hardware firewalls do a good job of providing statefull packet inspection. -- Ean Kingston E-Mail: ean_AT_hedron_DOT_org PGP KeyID: 1024D/CBC5D6BB URL: http://www.hedron.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Firewall questions
On Wednesday 23 March 2005 21:03, Ean Kingston wrote: Also, I am looking for antiviral protection for both the FreeBSD server, and any Windows or Macintosh systems that may be using the POP mail. I know qmail has one solution, which was contributed by a qmail user, but what are the alternatives? There are very few anti-virus packages for FreeBSD. AFAIK there are no viruses that target FreeBSD. There are a few that target x86 hardware but these don't propagate over the 'net. Clamav is supposed to be good for filtering windows viruses out of email. I know Fastmail.fm dropped Kaspersky in favour of Clamav, they claimed the updates to be at least as good. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Firewall questions
--On Wednesday, March 23, 2005 09:45:56 PM + RW [EMAIL PROTECTED] wrote: Clamav is supposed to be good for filtering windows viruses out of email. I know Fastmail.fm dropped Kaspersky in favour of Clamav, they claimed the updates to be at least as good. We did some pretty thorough testing of Clamav, uvscan (McAfee) and sophie (Sophos) side by side on a mail gateway using amavisd. Clamav was *almost* as good as McAfee and definitely better than Sophos at detecting viruses. Clamav beat uvscan hands down on cpu usage and detection of Phishing scams. Here's our latest stats - clamav is primary. uvscan only gets used if clamav doesn't detect a virus. These statistics represent data from 2005-03-01 to yesterday Total detections - 7369 Total phishing scams - 7080 Total viruses - 289 Total McAfee - 23 Total ClamAV - 266 The last two lines are *unique* detections. Basically what it means is that clamav missed 23 viruses that uvscan subsequently caught. So clamav has a 92.04% virus detection rate so far for the month. (Updates are fetched and installed automatically for both scanners.) When I was keeping separate stats on each, clamav ran about a half a percent behind uvscan and sophie *never* had an independent detection. It also had a much lower detection rate. (E.g. clamav 94.6, uvscan 95.3, sophie 91.8) Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]