Re: Firewall questions

From: Ean Kingston (ean_at_hedron.org)
Date: 04/01/05

    Date: Fri, 1 Apr 2005 11:05:08 -0500 (EST)
    To: freebsd-questions@freebsd.org
    
    

    > Only a little note about the comment:
    >
    > "On FreeBSD you have a choice of IPFW, IPF, and PF. IPFW is FreeBSD only,
    > IPF runs on many OSes (but not Linux),"
    >
    > Since I have been reading the Ipfilter maillist, you can see that Ipfilter
    > now runs on Linux too. This is only information. Greetings.

    Wow, I stand corrected. The last time I talked to Darren (years ago) he
    said IPFilter would never run on Linux. I guess the Linux folks fixed
    whatever was vexing him about their architecture.

    > On Mar 23, 2005 1:03 PM, Ean Kingston <ean@hedron.org> wrote:
    >>
    >> > I have been looking for a great firewall, something
    >> > not too technical, since I have only been using
    >> > FreeBSD for two months now.
    >> >
    >> > I have FreeBSD-4.8 installed, Apache-1.3, and
    >> > Netqmail-1.05. I am also planning on running an NTP
    >> > time server and possibly a forum in the future. The
    >> > web site is expected to become a well-recognized site,
    >> > so that complicates matters. More attention to the
    >> > site means more attacks.
    >>
    >> If it's a firewall you might want to upgrade to the latest in the series
    >> you are using (4.11). There may be security holes in 4.8 by now.
    >>
    >> > Also, I am looking for antiviral protection for both
    >> > the FreeBSD server, and any Windows or Macintosh
    >> > systems that may be using the POP mail. I know qmail
    >> > has one solution, which was contributed by a qmail
    >> > user, but what are the alternatives?
    >>
    >> There are very few anti-virus packages for FreeBSD. AFAIK there are no
    >> viruses that target FreeBSD. There are a few that target x86 hardware
    >> but these don't propagate over the 'net.
    >>
    >> Have a look at amavis (it's in the ports collection). I've never used it
    >> but it's been mentioned a number of times on various lists.
    >>
    >> Also, F-Prot (www.f-prot.com <http://www.f-prot.com>) provides an AV
    >> product for FreeBSD (NetBSD, and OpenBSD too). They even have a mail
    >> scanner product. I used the file scanner for a while but stopped the
    >> last time I upgraded the OS.
    >>
    >> >
    >> > Any suggestions as to what firewall would provide me
    >> > with the best protection, while not being overly too
    >> > complicated?
    >>
    >> For simplicity, get one of the Firewall Router devices and stick your
    >> FreeBSD system behind it. Most have a web interface to manage them. Just
    >> make sure you get the Firewall model and not the Router with NAT model.
    >> Unless you get lucky, the guy at Best Buy (or wherever) won't have a
    >> clue about the differences and will not be able to help even if he
    >> thinks he is helping. You need to do your research on this.
    >>
    >> On FreeBSD you have a choice of IPFW, IPF, and PF. IPFW is FreeBSD only,
    >> IPF runs on many OSes (but not Linux), and PF is a port of the OpenBSD
    >> firewall. All are included with the FreeBSD distribution but require a
    >> kernel recompile (it's explained in the handbook and isn't nearly as
    >> scary as it sounds). All are about as complicated to configure/manage.
    >>
    >> --
    >> Ean Kingston
    >> E-Mail: ean_AT_hedron_DOT_org
    >> PGP KeyID: 1024D/CBC5D6BB
    >> URL: http://www.hedron.org/
    >>
    >>
    >> _______________________________________________
    >> freebsd-questions@freebsd.org mailing list
    >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
    >>

    -- 
    Ean Kingston
        E-Mail: ean_AT_hedron_DOT_org
     PGP KeyID: 1024D/CBC5D6BB
           URL: http://www.hedron.org/