Date: Wed, 1 May 1996 07:34:46 -0400
From: Gene Stark <gene@starkhome.cs.sunysb.edu>
To: Paul Danckaert <umbc.edu!pauld@sbstark.cs.sunysb.edu>
Cc: security@freebsd.org
Subject: Re: FreeBSD & firewalls
Message-ID: <199605011134.HAA08293@starkhome.cs.sunysb.edu>
In-Reply-To: Paul Danckaert's message of Tue, 30 Apr 1996 10:02:16 -0400 (EDT)
References: <4m5u6d$4r3@starkhome.cs.sunysb.edu>

>Also, I'm just curious and haven't looked too much into it, but has
>anybody used BSD to firewall people within a site? For example, we are
>looking at putting dorms on ethernet, but we are going to block various
>protocols, ports, etc.. has anybody used a BSD solution to this sort of
>problem? Any recommendations on software?

Yes, I am using ipfw primarily to prevent egress from a student lab.
The purpose is to keep people from occupying seats in the lab while they
play MUDs or IRC or use X to outside, and to keep them from setting up
lots of quasi-commercial servers operating on machines within the lab.

The ipfw code works more or less OK for this, but I found it a bit
difficult to create the filters I wanted. Mostly, what I am doing is
blocking TCP between endpoints inside and outside the lab, both ports of
which are >= 1024. The main disadvantage of this seems to be that
"passive FTP", or whatever it is that happens sometimes when you follow
an ftp: link from an HTTP server and get a high numbered port, is blocked.

- Gene Stark
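
Added example, not part of the original message or of ipfw: a Python model of the rule described above (deny TCP when both endpoint ports are >= 1024), showing why a passive-mode FTP data connection is denied while active-mode data from port 20 passes. The flows, port numbers, address and the 227 reply are constructed sample values.

```python
import re

LOW_PORT_LIMIT = 1024  # the rule only denies when BOTH ports are at or above this

def blocked(lab_port, outside_port):
    """Model of the rule: deny TCP when both endpoint ports are >= 1024."""
    return lab_port >= LOW_PORT_LIMIT and outside_port >= LOW_PORT_LIMIT

def pasv_port(reply):
    """Data port the FTP server announces in a '227 Entering Passive Mode' reply."""
    m = re.match(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    # The last two fields are the high and low bytes of the port number.
    return fields[4] * 256 + fields[5]

# Constructed control-channel reply (192.0.2.10 is a documentation address).
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,19,137)"

# Constructed flows: label -> (port on the lab host, port on the outside host)
FLOWS = {
    "HTTP":             (2001, 80),
    "FTP control":      (2002, 21),
    "active FTP data":  (2003, 20),    # server connects back from port 20
    "passive FTP data": (2004, pasv_port(PASV_REPLY)),
    "IRC":              (2005, 6667),
    "X to outside":     (2006, 6000),
    "MUD":              (2007, 4000),  # constructed; MUDs run on arbitrary high ports
}

def evaluate(flows=FLOWS):
    """Return label -> 'deny' or 'allow' under the both-ports-high rule."""
    return {name: "deny" if blocked(a, b) else "allow"
            for name, (a, b) in flows.items()}

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print("%-17s %s" % (name, verdict))
```

The rule cannot tell the passive data connection apart from IRC or a MUD because all three are high port to high port; only the FTP control channel carries the information that the high port belongs to an FTP transfer.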