firewalling policy
From: VA (listat_at_synty.net)
Date: 02/19/04
- Previous message: Andrew Nelson: "Cannot rsh as root (FreeBSD 5.2)"
- Next in thread: Felipe Neuwald: "Re: firewalling policy"
- Reply: Felipe Neuwald: "Re: firewalling policy"
- Maybe reply: Sten Daniel Sørsdal: "RE: firewalling policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 19 Feb 2004 14:54:07 +0200 (EET)
To: freebsd-isp@freebsd.org
Hi fellow SysAdmins,
I'm building a FreeBSD route/firewall for a little heavier use. I will use
pf for firewall because it's more familiar and since I need to maintain a
few OpenBSD boxes as well.
Anyways I was hoping to get an opinion for a firewall rule structure.
There are 10 physical NICs (Intel Dual 100Mbs) and also a bunch of VLANs.
What is the best point to firewall? Naturally default block strategy
assumed. I know each interface needs rules to achieve good security, but
what about external interface (WAN link)? Is it safe just to firewall
each internal interface, because otherwise I need "double rules" and it
gets more complicated.
Any other hints to give or good optimized examples for pf in larger
environment? I will surely make a public document once I get this up and
running.
Thanks in advance and especially all you developers of this great OS!
-Vesa, SysAdmin, Finland
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"