Firewalls and Webmin

Kevin Kinsey kdk at daleco.biz
Wed Feb 16 16:13:56 PST 2005 

Alex D'Elia wrote:

>Hi SigmaX,
>
>* SigmaX <scottclansman at cwazy.co.uk> [050217 17:45]:
>
>  
>
>>Heya;
>>I have FreeBSD 5.3 and need to set up the firewall.  I've never done 
>>anything with Firewall on a *NIX system without the help of Webmin, and 
>>I'm new to BSD in general.  Webmin gives me an error when trying to use 
>>the BSD Firewall module. 
>>
>>I tried doing "ipfw sh" to see what was up, and I get "ipfw: 
>>getsockopt(IP_FW_GET): Protocol not available"
>>
>>I found a post from a while back that said I need to recompile my 
>>kernel.  I can't imagine that that's the case for a firewall in 
>>general.  I need a firewall... if I can't use Webmin (read: ipfw) I'm 
>>gonna need a REALLY good howto :-P. Any help?
>>
>>    
>>
>
>
>first of all I say ( as someone else will do ) that you should post
>technical questions to freebsd-questions because this is a list of
>discussion about FreeBSD and not about technical problems.
>But I can tell you that if you follow the instructions of the
>handbook, you will for sure have enough informations to get you going.
>The handbook its a really good documentation, not only for FreeBSD
>but for a lot more ;^)
>
>  
>

Yes, and it should have been consulted prior to this posting.  I
don't mean to directly offend, but you have made at least one
mistake in your advice.  Likely I will, too; and, SigmaX, this is
why your question is on the wrong forum.

>And Yes, you need to recompile the kernel if you want to use your
>system for a firewalling purpose.
>  
>

Not if he's using 5.3 and doesn't want NAT.  From the Handbook:

  "IPFW is included in the basic FreeBSD install as a separate run time
  loadable module. IPFW will dynamically load the kernel module when
   the rc.conf statement firewall_enable="YES" is used. You do not need
  to compile IPFW into the FreeBSD kernel unless you want NAT function
 enabled."


>But that's not an hack ..... its preety easy.
>I personally find it easyer than in linux ( with all respects ),
>
>  
>

It's easy once you've done it a few times.  My first time was
rather frightening, personally, but only because *I* was freaked
out ... the system performed admirably.  And, then you need
"mergemaster" ...

>I already used ipfw in FreeBSD-4.X and ipf and pf with OpenBSD.
>Now that the new STABLE BRANCH 5.3 its including the pf firewall
>from OpenBSD, I use that, 'cause I find it really powerfull and yet
>nice to configure.
>
>just take a look at the handbook, and you'll find a lot of answers
>to your questions.
>You find the documentation also on your system: /usr/share/doc/en/books
>for english language documentation :)
>
>  
>

Good advice there too.

Kevin Kinsey

More information about the freebsd-newbies mailing list