From owner-freebsd-questions  Sun Oct 20 18:20:53 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E5C8437B401
	for <freebsd-questions@freebsd.org>; Sun, 20 Oct 2002 18:20:51 -0700 (PDT)
Received: from blueyonder.co.uk (pcow035o.blueyonder.co.uk [195.188.53.121])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7241B43E75
	for <freebsd-questions@freebsd.org>; Sun, 20 Oct 2002 18:20:45 -0700 (PDT)
	(envelope-from andrew@cream.org)
Received: from pcow035o.blueyonder.co.uk ([127.0.0.1]) by blueyonder.co.uk  with Microsoft SMTPSVC(5.5.1877.757.75);
	 Mon, 21 Oct 2002 02:20:09 +0100
Received: from cream.org (unverified [62.31.108.42]) by pcow035o.blueyonder.co.uk
 (Content Technologies SMTPRS 4.2.9) with ESMTP id <T5e1128c19dac1785ed21a@pcow035o.blueyonder.co.uk>;
 Mon, 21 Oct 2002 02:20:09 +0100
Message-ID: <3DB35744.5080705@cream.org>
Date: Mon, 21 Oct 2002 02:24:20 +0100
From: Andrew Boothman <andrew@cream.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Robin Schilham <co9@xs4all.nl>
Cc: Kent Stewart <kstewart@owt.com>,
	Bryan Cassidy <bryanc2000@insightbb.com>,
	freebsd-questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: Security! Please help newbie
References: <20021020125909.1acd7e7c.bryanc2000@insightbb.com> <3DB30EE6.8020909@owt.com> <3DB310F8.2030605@xs4all.nl>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Robin Schilham wrote:
>> The type is supposed to be open, close, simple, and etc. It depends on 
>> which type you are using in rc.firewall. Look for [Ss][Ii] and etc.
>
> According to the comments in /etc/rc.firewall firewall_type can also be 
> a file name.
> Anyway, it might be better to start with one of the example rule sets in 
> /etc/rc.firewall
> and adapt them to your needs.

Good idea.

Also don't forget to check the handbook and FAQ for relevent information 
and have a good Google around because I remember people putting 
information onto websites about locking down FreeBSD boxes.

Also remember it is important to read understand and act on all FreeBSD 
security advisories, so make sure you are on the security-adivsories 
mailing list. It's probably best to install the most recent -release and 
then track the relevent security update branch to keep yourself secure. 
Read the handbook for more info.

You also might want to read http://www.cert.org as I find that a good 
site for more general security information.

Good luck,

Andrew.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message