Date: Tue, 30 Apr 1996 10:02:16 -0400 (EDT) From: Paul Danckaert <pauld@umbc.edu> To: Mark Newton <newton@communica.com.au> Cc: Kristyn Fayette <kristyn@gnu.ai.mit.edu>, freebsd-security@freebsd.org Subject: Re: FreeBSD & firewalls Message-ID: <Pine.SGI.3.91.960430095746.26867A-100000@umbc7.umbc.edu> In-Reply-To: <9604300109.AA15421@communica.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 30 Apr 1996, Mark Newton wrote: > > Point 2: Be aware that a single computer doesn't make a very good > firewall! Simply plonking a UNIX box onto the network between you and > your ISP is not going to deliver anywhere near what *I* would consider > acceptable security (what you would consider acceptable may legitimately > differ, though) I agree that simply dropping a box on the net, running ipfw or whatever on it, and calling yourself safe isn't completely true, but I'm curious what you would do to build a safer network? I would hope that your external router would do alot of blocks, before data ever makes it to your firewall box, but what about in some of the hybrid situations that FreeBSD works well in? For example, when people drop a T1 card into a box, a few ethernet cards, and make it their external router itself? Also, I'm just curious and haven't looked too much into it, but has anybody used BSD to firewall people within a site? For example, we are looking at putting dorms on ethernet, but we are going to block various protocols, ports, etc.. has anybody used a BSD solution to this sort of problem? Any recomendations on software? paul
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SGI.3.91.960430095746.26867A-100000>