pf on freebsd 6.1 on DMZ in m0n0wall question

Darrin Chandler dwchandler at stilyagin.com
Sat Jul 1 17:03:22 UTC 2006


On Sat, Jul 01, 2006 at 11:46:42PM +0800, jan gestre wrote:
> I recently installed and configured
> (postfix+dovecot+amavisd-new+clamav+dspam+roundcubemail) on my FreeBSD
> 6.1 box. I placed the box in my DMZ protected by m0n0wall; however, I
> have no firewall on the mentioned box and I'm relying on m0n0wall to
> protect it. Is that OK? I'm new to FreeBSD and read about pf, and I'm
> having some thoughts of installing pf as a firewall on my webmail server,
> but I'm afraid to mess things up, especially now that the box is already
> a production server. Do I really need to install a separate firewall?
> Is it overkill? If not, then is anybody kind enough to lend a working
> pf configuration that allows http, smtp and ssh? I've read the handbook
> but don't understand it much, particularly the firewall thing.

I think you're right not to try this out on your production box. Pf is
nice, and I encourage you to use it, but *please* find a test machine!
Pf works well and it's pretty easy to learn, but you almost certainly
will make mistakes in the beginning.

In addition to the fine Handbook, there's a nice pf faq at
www.openbsd.org/faq/pf/ that explains a lot and has a few ruleset
examples.

If you learn your way on a test box it'll be a snap to put it in
production...

-- 
Darrin Chandler            |  Phoenix BSD Users Group
dwchandler at stilyagin.com   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |

