From: Nick Evans
To: 'Larry Rosenman', William Woods
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: IPF rules...
Date: Sun, 16 Jul 2000 11:45:09 -0400
Message-ID: <712384017032D411AD7B0001023D799B07C9DD@sn1exchmbx.nextvenue.com>

As for IPF links, definitely go to www.obfuscation.org/ipf, the howto is good and is constantly being developed. There are a few perl scripts for parsing logs, check the mailing list archive. There is a link to it on the main IPFilter page @ http://coombs.anu.edu.au/~avalon. Subscribe to the mailing list, that's the single best resource for getting help. Also don't forget to see the IPF page for general rule structure. Also check out the sub directories of the tarball, there are a bunch of handy predone rulesets. If you can find it, there is a great article in Sysadmin, June 2000 that has a complete setup from start to finish.

nick

-----Original Message-----
From: Larry Rosenman [mailto:ler@lerctr.org]
Sent: Sunday, July 16, 2000 4:31 AM
To: William Woods
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPF rules...

I did this recently.
http://www.obfuscation.org/ipf/

has some good howto's and a rc.firewall patch (which I just found :-) )

seems to work just fine (I'm running it on a 486DX-4 100 with
2 NIC's on my DSL line).  I'm catching lots of garbage :-( .

I just wish there were reporting tools to analyze the ipmon logs
for suspicious stuff.

We'll get there.

Larry Rosenman

> I am seriously considering moving from IPFW to IPF as a firewall
> solution and would appreciate any links you may have to IPF setup.
>
> This would be on a 4.0-stable system.
>
> Thanks

--
Larry Rosenman                      http://www.lerctr.org/~ler
Phone: +1 972-414-9812 (voice) Internet: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
