freebsd-questions Digest, Vol 121, Issue 26

Uncle Deejy-Pooh deejy-pooh at ntlworld.com
Tue Jan 17 02:39:30 PST 2006


On Monday 16 January 2006 20:06, freebsd-questions-request at freebsd.org wrote:
> Date: Mon, 16 Jan 2006 14:30:01 +0100
> From: "Daniel A." <ldrada at gmail.com>
> Subject: Re: FreeBSD
> To: Uncle Deejy-Pooh <deejy-pooh at ntlworld.com>
> Cc: freebsd-questions at freebsd.org
> Message-ID:
> 	<5ceb5d550601160530w2b210f8ar4349cf1e1407a6db at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
> Congratulations on your success with PC-BSD.
>
> I think that the nature of the BSD license can also indirectly be
> applied to the FreeBSD mailing lists: Anyone can play along.
> We're not elitist snobs =)
>
> On 1/13/06, Uncle Deejy-Pooh <deejy-pooh at ntlworld.com> wrote:
> > Hey, I've spent the day using pc-bsd, and I quite like it ! Can I remain
> > on the
> > mailing list, or are people already forming hollow squares to drum me out
> > ?
> >
> >           Regards to all for the New Year,
> >                                                                    Deej

Many thanks for all the replies to my posting. Just to let y'all know that 
after toying with PC-BSD and Desktop-BSD - both have their merits - I'm back
home ! Hell, I even put Windoze on for a day or two - what a shambles !
So, off I go again, trying to write assembler programmes for BSD - as lonely 
an occupation as ever bit a sandwich!

Whilst I'm here, may I pick your collective brains regarding firewalls?
I'm using a stand-alone box with a cable broadband connection. This box is 
used only for internet connection, downloading etc. and email, and this is my 
current firewall configuration ( stolen from somewhere ! ):

In my kernel:

options		IPFIREWALL
options		IPFIREWALL_VERBOSE
options		IPFIREWALL_VERBOSE_LIMIT=10
options		IPSTEALTH
options		TCP_DROP_SYNFIN

In rc.conf:

firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/firewall.rules"
firewall_logging_enable="YES"
log_in_vain="YES"
tcp_drop_synfin="YES"
icmp_drop_redirect="YES"

My firewall.rules:

add	00300	check-state
add	00301	deny tcp from any to any in established
add	00302	allow tcp from any to any out setup keep-state
add	00400	allow udp from any 53 to any in
add	00402	allow udp from any to any out
add	00500	allow icmp from any to any icmptypes 3
add	00501	allow icmp from any to any icmptypes 4
add	00502	allow icmp from any to any icmptypes 8
add	00503	allow icmp from any to any icmptypes 0 in
add	00504	allow icmp from any to any icmptypes 11 in

As I know jack-all about Firewalls and all of my time is spent trying to learn 
unix assembly, I would appreciate comments on the above configuration from
Those Who Know --- "on the shoulders of giants", and all that !
I'm sure that there are many out there who would appreciate comments on
firewalls for stand-alone boxes - most of the info seems to be geared toward 
multi-processor, double-monitor, three-phase, jump-up-never-come-down,
chrome-plated machines with high IQs !

		Many thanks, as ever
						Deej

		
	



