Date:      Sun, 16 Jul 2000 11:45:09 -0400
From:      Nick Evans <nevans@nextvenue.com>
To:        'Larry Rosenman' <ler@lerctr.org>, William Woods <bwoods2@uswest.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   RE: IPF rules...
Message-ID:  <712384017032D411AD7B0001023D799B07C9DD@sn1exchmbx.nextvenue.com>

As for IPF links, definitely go to www.obfuscation.org/ipf; the howto is good
and is constantly being developed. There are a few Perl scripts for parsing
logs; check the mailing list archive. There is a link to it on the main
IPFilter page @ http://coombs.anu.edu.au/~avalon. Subscribe to the mailing
list; that's the single best resource for getting help. Also don't forget
to see the IPF page for general rule structure. Also check out the
subdirectories of the tarball; there are a bunch of handy predone rulesets. If
you can find it, there is a great article in Sysadmin, June 2000 that has a
complete setup from start to finish.

nick

-----Original Message-----
From: Larry Rosenman [mailto:ler@lerctr.org]
Sent: Sunday, July 16, 2000 4:31 AM
To: William Woods
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPF rules...


I did this recently.
http://www.obfuscation.org/ipf/

has some good howto's and a rc.firewall patch (which I just found :-) )

seems to work just fine (I'm running it on a 486DX-4 100 with
2 NIC's on my DSL line).  I'm catching lots of garbage :-( . 

I just wish there were reporting tools to analyze the ipmon logs 
for suspicious stuff. 

We'll get there.

Larry Rosenman

> I am seriously considering moving from IPFW to IPF as a firewall
> solution and would appreciate any links you may have to IPF setup.
> 
> This would be on a 4.0-stable system.
> 
> Thanks
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message


-- 
Larry Rosenman                      http://www.lerctr.org/~ler
Phone: +1 972-414-9812 (voice) Internet: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749




