Date: Mon, 10 Jun 1996 21:37:02 -0400 (EDT)
From: Brian Clapper <bmc@WillsCreek.COM>
To: FreeBSD matters of Mark Huizer (xaa) <freebsd@xaa.stack.urc.tue.nl>
Cc: questions@freebsd.org
Subject: Re: firewalls in FBSD, how good are they?
Message-ID: <199606110137.VAA00337@willow.willscreek.com>
In-Reply-To: <91702035@toto.iv>

>>>>> "Mark Huizer" <freebsd@xaa.stack.urc.tue.nl>

Mark> What I'd like to know: I've never really used and trusted upon the
Mark> FreeBSD ipfw stuff. Could anyone give me a little story on their
Mark> experiences, whether one can hang their pacemaker on it safely etc :)

If all you use is a FreeBSD (or Linux) box with an ipfw module, then you're
implementing a packet-filtering gateway--a truly minimalist firewall. It'll
provide you *some* protection (i.e., more than just hanging your network
naked on the Internet), but if that's all you deploy as your firewall,
you're toast if that machine is compromised. That risk may be acceptable
for your site; it certainly wasn't (and isn't) for ours, though. And I sure
wouldn't hang a pacemaker (or credit-card transaction processing software)
off the back end of that sort of firewall.

You'd do well to read one or both of the following books, so you can
recommend an appropriate solution to your management.

1. Building Internet Firewalls. By Brent Chapman and Elizabeth Zwicky
   (O'Reilly and Associates, 1995). http://www.ora.com/www/item/fire.html

2. Firewalls & Internet Security: Repelling the Wily Hacker. by William R.
   Cheswick and Steven M. Bellovin (Addison-Wesley, 1994)
   http://www.aw.com/cp/Ches.html

-----
Brian Clapper ....................... bmc@WillsCreek.COM -or- bmc@telebase.com
http://www.netaxs.com/~bmc/ ......... PGP public key available on request
If people were required to know the law rather than obey it, the government
would be overthrown the very next day.