Date: Sat, 1 Jul 2006 10:03:19 -0700 From: Darrin Chandler <dwchandler@stilyagin.com> To: jan gestre <freebsd.ph@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: pf on freebsd 6.1 on DMZ in m0n0wall question Message-ID: <20060701170319.GA13344@jeeves.stilyagin.local> In-Reply-To: <a25afc300607010846m60ebbf88h4e35b8c63e5abb87@mail.gmail.com> References: <a25afc300607010846m60ebbf88h4e35b8c63e5abb87@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jul 01, 2006 at 11:46:42PM +0800, jan gestre wrote: > i recently installed and configured > (postfix+dovecot+amavisd-new+clamav+dspam+roundcubemail) in my freebsd > 6.1box, i placed the box in my dmz protected by m0n0wall, however i > have no > firewall on the mentioned box and i'm relying on m0n0wall to protect it. is > that ok? i'm new to freebsd and read about pf and i'm having some thoughts > of installing pf as firewall in my webmailserver but i'm afraid to mess > things up especially now that the box is already a production server, do i > really need to install a separate firewall? is it an overkill? if not then > anybody kind enough to lend a working pf configuration that allows http, > smtp and ssh, i've read the handbook but don't understand it much > particularly the firewall thing. I think you're right not to try this out on your production box. Pf is nice, and I encourage you to use it, but *please* find a test machine! Pf works well and it's pretty easy to learn, but you almost certainly will make mistakes in the beginning. In addition to the fine Handbook, there's a nice pf faq at www.openbsd.org/faq/pf/ that explains a lot and has a few ruleset examples. If you learn your way on a test box it'll be a snap to put it in production... -- Darrin Chandler | Phoenix BSD Users Group dwchandler@stilyagin.com | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060701170319.GA13344>