freebsd-questions Digest, Vol 121, Issue 26
Uncle Deejy-Pooh
deejy-pooh at ntlworld.com
Tue Jan 17 02:39:30 PST 2006
On Monday 16 January 2006 20:06, freebsd-questions-request at freebsd.org wrote:
> Date: Mon, 16 Jan 2006 14:30:01 +0100
> From: "Daniel A." <ldrada at gmail.com>
> Subject: Re: FreeBSD
> To: Uncle Deejy-Pooh <deejy-pooh at ntlworld.com>
> Cc: freebsd-questions at freebsd.org
> Message-ID:
> <5ceb5d550601160530w2b210f8ar4349cf1e1407a6db at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
> Congratulations on your success with PC-BSD.
>
> I think that the nature of the BSD license can also indirectly be
> applied to the FreeBSD mailing lists: Anyone can play along.
> We're not elitist snobs =)
>
> On 1/13/06, Uncle Deejy-Pooh <deejy-pooh at ntlworld.com> wrote:
> > Hey, I've spent the day using pc-bsd, and I quite like it ! Can I remain on the
> > mailing list, or are people already forming hollow squares to drum me out ?
> >
> > Regards to all for the New Year,
> > Deej
Many thanks for all the replies to my posting. Just to let y'all know that
after toying with PC-BSD and Desktop-BSD - both have their merits - I'm back
home ! Hell, I even put Windoze on for a day or two - what a shambles !
So, off I go again, trying to write assembler programmes for BSD - as lonely
an occupation as ever bit a sandwich!
Whilst I'm here, may I pick your collective brains regarding firewalls.
I'm using a stand-alone box with a cable broadband connection. This box is
used only for internet connection, downloading etc. and email, and this is my
current firewall configuration ( stolen from somewhere ! ):

In my kernel:

    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=10
    options IPSTEALTH
    options TCP_DROP_SYNFIN

In rc.conf:

    firewall_enable="YES"
    firewall_script="/etc/rc.firewall"
    firewall_type="/etc/firewall.rules"
    firewall_logging_enable="YES"
    log_in_vain="YES"
    tcp_drop_synfin="YES"
    icmp_drop_redirect="YES"

My firewall.rules:

    add 00300 check-state
    add 00301 deny tcp from any to any in established
    add 00302 allow tcp from any to any out setup keep-state
    add 00400 allow udp from any 53 to any in
    add 00402 allow udp from any to any out
    add 00500 allow icmp from any to any icmptypes 3
    add 00501 allow icmp from any to any icmptypes 4
    add 00502 allow icmp from any to any icmptypes 8
    add 00503 allow icmp from any to any icmptypes 0 in
    add 00504 allow icmp from any to any icmptypes 11 in

As I know jack-all about Firewalls and all of my time is spent trying to learn
unix assembly, I would appreciate comments on the above configuration from
Those Who Know --- "on the shoulders of giants", and all that !
I'm sure that there are many out there who would appreciate comments on
firewalls for stand-alone boxes - most of the info seems to be geared toward
multi-processor, double-monitor, three-phase, jump-up-never-come-down,
chrome-plated machines with high IQs !
Many thanks, as ever
Deej
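
An added example, not part of the original post and not ipfw code: a small Python first-match model of the ruleset above, run over constructed packets to show which rule decides each one. It assumes the default rule 65535 is deny (the posted kernel options do not include IPFIREWALL_DEFAULT_TO_ACCEPT); the addresses, ports and helper names are constructed for illustration.

```python
# Added example: a first-match model of the ruleset posted above (not ipfw itself).
# Assumption: the default rule 65535 is "deny" (no IPFIREWALL_DEFAULT_TO_ACCEPT).
def icmp(*types):
    return lambda p: p["type"] in types

RULES = [  # (rule number, action, protocol, direction or None, extra test or None)
    (301, "deny", "tcp", "in", lambda p: bool(p["flags"] & {"ack", "rst"})),  # established
    (302, "keep-state", "tcp", "out",
     lambda p: "syn" in p["flags"] and "ack" not in p["flags"]),  # setup
    (400, "allow", "udp", "in", lambda p: p["sport"] == 53),
    (402, "allow", "udp", "out", None),
    (500, "allow", "icmp", None, icmp(3)),
    (501, "allow", "icmp", None, icmp(4)),
    (502, "allow", "icmp", None, icmp(8)),
    (503, "allow", "icmp", "in", icmp(0)),
    (504, "allow", "icmp", "in", icmp(11)),
]

def flow(p):
    # Dynamic rules match both directions, so the key ignores endpoint order.
    return p["proto"], frozenset([(p["src"], p["sport"]), (p["dst"], p["dport"])])

def evaluate(p, states):
    """Return (rule number, verdict) for packet p; states holds keep-state flows."""
    if flow(p) in states:  # rule 300: check-state
        return 300, "allow"
    for num, action, proto, direction, extra in RULES:
        if proto != p["proto"] or direction not in (None, p["dir"]):
            continue
        if extra is not None and not extra(p):
            continue
        if action == "keep-state":
            states.add(flow(p))
            return num, "allow"
        return num, action
    return 65535, "deny"

ME, PEER = "192.0.2.10", "198.51.100.7"  # constructed documentation addresses

def pkt(proto, direction, sport=None, dport=None, flags=(), icmp_type=None):
    src, dst = (ME, PEER) if direction == "out" else (PEER, ME)
    return {"proto": proto, "dir": direction, "src": src, "dst": dst,
            "sport": sport, "dport": dport, "flags": set(flags), "type": icmp_type}

if __name__ == "__main__":
    st = set()
    for p in (pkt("tcp", "out", 40000, 80, ["syn"]), pkt("tcp", "in", 80, 40000, ["syn", "ack"]),
              pkt("udp", "in", 53, 33000), pkt("icmp", "out", icmp_type=0)):
        print(p["proto"], p["dir"], evaluate(p, st))
```

In this model only TCP is tracked statefully: rule 00400 accepts inbound UDP on source port 53 alone, replies to other outbound UDP fall through to the default deny, and an inbound echo request passes rule 00502 while the outbound echo reply matches no rule.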