FreeBSD and security
Bruno Campanelli
bcampanelli at quipo.it
Wed Jan 28 15:37:01 PST 2004
----- Original Message -----
From: "Jeff Brown" <j_brown11 at hotmail.com>
To: <freebsd-newbies at FreeBSD.org>
Sent: Wednesday, January 28, 2004 8:25 PM
Subject: FreeBSD and security
>>I am planning to install FreeBSD and use it as my web server. I have
>>wireless cable internet access and I am running straight into the webserver
>>and then out to my switch (i have 3 desktops) Will I need to incorporate a
>>hardware firewall, or does FreeBSD have adequate security built in?
Yes,it does have security built in,provided you activate it.
You can use one of the two commonly used firewalls:
ipfw or ipfilter (I prefer ipfilter because use a very simple and strong
ruleset logic).
If you decide to use IPFW,see "Chapter 10.8:Firewalls",of the FreeBSD
Handbook (online on www.freebsd.org/handbook, and you can download it
from the site in various formats) on how to set up IPFW.
If you want to use IPFilter here is a list of useful resources online:
IPFilter home page:
http://www.ipfilter.org
IPFilter examples:
http://coombs.anu.edu.au/~avalon/examples.html
IPFilter how-to:
http://www.unixcircle.com/ipf/
IPFilter mailing list archive:
http://false.net/ipfilter
Guido van Rooij has written some real nice IPFilter papers:
http://www.madison-gurkha.com/all_publications.shtml
Address Allocation for Private Internets:
http://www.muine.org/rfc/rfc1918.txt
The IP Network Address Translator (NAT):
http://www.muine.org/rfc/rfc1631.txt
Traditional IP Network Address Translator (Traditional NAT)
http://www.muine.org/rfc/rfc3022.txt
Bandwidth management:
http://www.iet.unipi.it/~luigi/ip_dummynet/
The Twenty Most Critical Internet Security Vulnerabilities (Updated)
http://66.129.1.101/top20.htm
IPFilter and PF resources
http://www.unixcircle.com/ipf/ [San Jose, CA, USA]
http://www.pir.net/pir/ipf/ [Boston, MA, USA]
http://www.openlysecure.org/content/html/www.obfuscation.org/ipf [Surrey, UK]
http://mirrors.sunroot.de/www.obfuscation.org/ipf [Kerpen, Germany]
http://www.grunta.com/ipf/ [Melbourne, Victoria, AU]
http://www.darkart.com/mirrors/www.obfuscation.org/ipf/ [Oakland, CA, USA]
FreeBSD rc.firewall patch
synk has a patch to add simple ipf configuration to your FreeBSD /etc/rc.firewall
http://www.iae.nl/users/guido/papers/tcp_filtering.ps.gz
Real Stateful TCP Packet Filtering in IP Filter by Guido Van Rooij [local copy] [local pdf version]
http://www.false.net/ipfilter/
The searchable ipfilter mailing list archive
http://www.iae.nl/users/guido/bsdcon2000/
Cheers,
>> Learn how to choose, serve, and enjoy wine at Wine @ MSN.
>> http://wine.msn.com/
---
[Quipo ISP - Questa E-mail e' stata controllata dal programma Declude Virus]
[Quipo ISP - This E-mail was scanned for viruses by Declude Virus]
More information about the freebsd-newbies
mailing list