firewalling policy
VA
listat at synty.net
Thu Feb 19 04:54:10 PST 2004
Hi fellow SysAdmins,
I'm building a FreeBSD route/firewall for a little heavier use. I will use
pf for firewall because it's more familiar and since I need to maintain a
few OpenBSD boxes as well.
Anyways I was hoping to get an opinion for a firewall rule structure.
There are 10 physical NICs (Intel Dual 100Mbs) and also a bunch of VLANs.
What is the best point to firewall? Naturally default block strategy
assumed. I know each interface needs rules to achieve good security, but
what about external interface (WAN link)? Is it safe just to firewall each
internal interface, because otherwise I need "double rules" and it gets
more complicated.
Any other hints to give or good optimized examples for pf in larger
environment? I will surely make a public document once I get this up and
running.
Thanks in advance and specially all you developers of this great OS!
-Vesa, SysAdmin, Finland
More information about the freebsd-isp
mailing list