Date:      Tue, 14 Nov 2000 21:19:34 -0800
From:      Steve Reid <sreid@sea-to-sky.net>
To:        Nuno Teixeira <nuno.teixeira@pt-quorum.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: PPP NAT Gateway security
Message-ID:  <20001114211934.B888@grok>
In-Reply-To: <001c01c04e97$c69c3c90$0200a8c0@n2>; from Nuno Teixeira on Wed, Nov 15, 2000 at 12:05:28AM -0000
References:  <00c801c04dc4$12a89220$0200a8c0@n2> <20001114144513.A888@grok> <001c01c04e97$c69c3c90$0200a8c0@n2>

On Wed, Nov 15, 2000 at 12:05:28AM -0000, Nuno Teixeira wrote:
> I've configured a 'client' firewall (in the /etc/rc.firewall) in FreeBSD for
> the private class C IP numbers of my network. It works ok inside the network
> but I can't get access to the Internet. I believe that this problem is
> related to my ISP (PPP analog modem) doesn't give me a static IP but a
> dynamic one.

This is what I've whipped up for my ipfilter config:

http://sea-to-sky.net/~sreid/ipfinit
A simple little sh script that takes an interface name (fxp0 in my
case, tun0 in yours) as an argument and extracts the IP address
information from ifconfig, then performs the appropriate substitutions
on ipf.cfg and feeds the results to ipf.

http://sea-to-sky.net/~sreid/ipf.cfg
My IP Filter configuration template. Must be processed by ipfinit.
Default-deny approach with no special handling for FTP connections (use
passive mode). Feel free to use and/or distribute, just give it a look
over first to make sure I'm not on crack. If I am then please tell me.

To use the above, add "options IPFILTER" to your kernel config.

> What I'd like to do is something like BlackIce does in Windows OS. Can I do
> the same work with IPFW?

I'm not familiar with BlackIce. Heck, I'm not really even familiar with
Windows anymore. :) But from what I gather you're asking about logging
unexpected packets.

My ipf config has a "log" directive for anything that is addressed to
me but not allowed to pass. Requires "options IPFILTER_LOG" in the
kernel config, and "ipmon /var/log/ipf.log" (or equivalent) running in
the background.
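The approach the message describes (read the interface's current address out of ifconfig, substitute it into a rule template, feed the result to ipf) in a small script written here as an added example; it is not Steve Reid's ipfinit, and the @IF@/@IP@ placeholders, the sample ifconfig text and the sample template are assumptions of this example rather than anything from ipfinit or ipf.cfg.

```shell
#!/bin/sh
# Added example in the spirit of the ipfinit script described in the message;
# not that script. Placeholders @IF@ and @IP@ are assumed for the template.

# Print the first "inet <addr>" found in ifconfig output passed as $1.
# Fails (non-zero, prints nothing) when the interface has no address, e.g.
# tun0 before the PPP link is up, so no ruleset is ever built with an empty
# address that would accidentally widen a "from any to @IP@" rule.
iface_addr() {
    printf '%s\n' "$1" | awk '
        $1 == "inet" && addr == "" { addr = $2 }
        END { if (addr == "") exit 1; print addr }'
}

# Replace every @IF@ with the interface name ($2) and @IP@ with the address
# ($3) in the template text given as $1.
render_rules() {
    printf '%s\n' "$1" | sed -e "s|@IF@|$2|g" -e "s|@IP@|$3|g"
}

# build_rules IFACE IFCONFIG_TEXT TEMPLATE: render the ruleset, or return 1
# without output if the address cannot be determined.
build_rules() {
    addr=$(iface_addr "$2") || return 1
    render_rules "$3" "$1" "$addr"
}

# Constructed ifconfig output for a PPP link (documentation address, not real).
SAMPLE_IFCONFIG='tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 192.0.2.45 --> 192.0.2.1 netmask 0xffffffff'

# Constructed default-deny template: log anything addressed to us that no
# other rule lets through, and let our own connections out with state kept
# so their replies are admitted without a matching "pass in".
SAMPLE_TEMPLATE='block in log on @IF@ from any to @IP@
pass out quick on @IF@ from @IP@ to any keep state'

# Stand-alone run on the constructed sample. On a real gateway the equivalent
# would be:  build_rules tun0 "$(ifconfig tun0)" "$(cat /etc/ipf.cfg)" | ipf -Fa -f -
build_rules tun0 "$SAMPLE_IFCONFIG" "$SAMPLE_TEMPLATE"
```

Because the address is re-read on each run, the script has to be re-run (e.g. from ppp's link-up hook) whenever the dynamic address changes, otherwise the loaded rules still name the old one.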
