From owner-freebsd-security Tue Apr 30 07:02:42 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id HAA09015 for security-outgoing; Tue, 30 Apr 1996 07:02:42 -0700 (PDT)
Received: from umbc7.umbc.edu (pauld@f-umbc7.umbc.edu [130.85.3.7]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id HAA09009 for ; Tue, 30 Apr 1996 07:02:37 -0700 (PDT)
Received: (from pauld@localhost) by umbc7.umbc.edu (8.6.12/Umbc) id KAA28198; Tue, 30 Apr 1996 10:02:16 -0400
Date: Tue, 30 Apr 1996 10:02:16 -0400 (EDT)
From: Paul Danckaert
To: Mark Newton
cc: Kristyn Fayette , freebsd-security@freebsd.org
Subject: Re: FreeBSD & firewalls
In-Reply-To: <9604300109.AA15421@communica.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 30 Apr 1996, Mark Newton wrote:

>
> Point 2: Be aware that a single computer doesn't make a very good
> firewall! Simply plonking a UNIX box onto the network between you and
> your ISP is not going to deliver anywhere near what *I* would consider
> acceptable security (what you would consider acceptable may legitimately
> differ, though)

I agree that simply dropping a box on the net, running ipfw or whatever
on it, and calling yourself safe isn't completely true, but I'm curious
what you would do to build a safer network? I would hope that your
external router would do a lot of blocks, before data ever makes it to
your firewall box, but what about in some of the hybrid situations that
FreeBSD works well in? For example, when people drop a T1 card into a
box, a few ethernet cards, and make it their external router itself?

Also, I'm just curious and haven't looked too much into it, but has
anybody used BSD to firewall people within a site? For example, we are
looking at putting dorms on ethernet, but we are going to block various
protocols, ports, etc. Has anybody used a BSD solution to this sort of
problem? Any recommendations on software?

paul