Date: Sun, 1 Jul 2001 11:35:41 -0400
From: Louis LeBlanc <leblanc+freebsd@acadia.ne.mediaone.net>
To: freebsd-questions@FreeBSD.org
Subject: Firewall: ipfw? ipfilter? dhcp lease?
Message-ID: <20010701113541.A32402@acadia.ne.mediaone.net>
Hey all. FreeBSD newbie/convert in training here. Couple questions regarding firewalls.

First some background on what I am doing now (meaning I have enough knowledge to get by on my current setup). I am currently using RH6.2 with ipchains for my firewall. I am blocking and allowing different ports from all or just a subnet (all open from my work subnet, most closed from all else, that kind of thing). I also have it set up with dhcpcd (pump doesn't do it for me) so that when I get a new dhcp lease, the firewall is reinitialized by executing the rc.firewall script with each dhcp lease.

Anyway, I have just finally gotten around to getting a new (for me) machine at home to run FreeBSD on, and I want to set that up as my front end machine (hooked directly to the cable modem, running the firewall, masquerading, maybe doing nat, etc.), but I also want to make sure the firewall will stay up with the current dhcp lease.

Anyway, I have been reading about firewalls on the list for a while, and am wondering about the differences between using ipfilter and ipfw. I take it FreeBSD is not using ipchains, so I won't go there. I assume there is some flexibility/security/simplicity tradeoff between the two? Seems logical to me if so. Is one easier to configure? What about resource requirements? (Not that that would be an issue, but I'm curious.)

I am well aware that there are books available on the subject, a couple are plugged right in the /etc/rc.firewall script, but I want to make a decision on the approach first, and pick the book or books, web resources, etc. that most apply to my decision (I already have plenty of books that "don't apply").

Also, are there any online tools to help set up such a firewall? I have been using an ipchains firewall I generated with Rob Ziegler's excellent Linux Firewall Design Tool at
http://www.linux-firewall-tools.com/linux/firewall/index.html
And yes, it is excellent! Unfortunately, I don't think he has gotten too much into the FreeBSD world. Maybe I'll scout his site again later, or better yet, email him.

BTW, some of you may have noticed that I had asked about 5.0-CURRENT recently, but I will be running 4.3-STABLE on this machine. I am (or was) putting -CURRENT on an extra desktop I have 'absconded' at work for experimentation. Just an FYI.

Any and all useful commentary on the subject is more than welcome and much appreciated. I hope I have not strayed too far from list etiquette in terms of being both complete and concise, but please forgive me if I have, and feel free to let me know so I can correct any errant behavior, as I expect to have a lot of questions for the list in the future :).

TIA
Lou

--
Louis LeBlanc
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
leblanc@acadia.ne.mediaone.net
http://acadia.ne.mediaone.net

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message