Firewall Wizards mailing list archives

Re: OpenBSD NAT/Gateway/Firewall script


From: m p <sumirati () yahoo de>
Date: Wed, 20 Jun 2001 20:36:44 +0200 (CEST)

Matt,

you can adopt the schemes outlined in the how-tos. 

There is no _definite_ ruleset for a firewall. Not
even for a particular system. _You_ always have to
choose which services have to be enabled and which
not. And hardening the system. Perhaps implementing a
proxy for different services. Implementing an
Intrusion Detection System ... continue the list as
you like.

1. Be sure you know your protocols. It will be
annoying at first, but your learning rate will be much
higher, if you know your different handshakes, ports
etc.

2. Be sure you understand your firewall kit. Whether it is
ipfilter (which is no longer integrated into OpenBSD
due to license issues) or something completely different.

3. Understand the programs you are running. Look for
exploits. Perhaps test the code yourself (there are
some tools out there which help you with this).

Now to your script. Do it yourself. Try installing
snort (or something similar) in parallel, so you can
see attacks. Log anything in the starting phase. Tune
your rules.

There are some articles at daemonnews about ipfw.
Adopt the idea behind it and translate it to ipfilter.

And most of all:

Have fun.

marc
--- Matt Simonsen <matt () careercast com> wrote:
> I have been reading up on OpenBSD firewalls, but most of the how-tos I have
> seen assume you have 3 real network blocks to work with and at times filter
> the very blocks (192.168.x.x) I am working with. I am having a little bit of
> trouble getting strong rule sets to work... I can make NAT and simple rule
> sets work, but I want something that is super secure and filters everything
> not needed. I know there must be people out there that have set up OpenBSD
> gateway boxes with 2 NICs, one using a real IP, one using an internal, with a
> strong rule set. If you have one you could forward to me or point me to some
> web sites with this it would be much appreciated.
>
> Matt Simonsen

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards


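As an added illustration of the two-NIC gateway Matt asks about (this is example configuration added here, not marc's or anyone's code from the thread): a minimal default-deny ipfilter/ipnat setup. The interface names ne0 (external) and ne1 (internal), the inside block 192.168.1.0/24 and the firewall's inside address 192.168.1.1 are assumptions. The anti-spoofing rules are bound to the external interface only, which is what lets the usual how-to pattern of blocking private source addresses coexist with an internal 192.168.x.x block.

```conf
# --- /etc/ipnat.conf  (assumed: ne0 = external, ne1 = internal)
# Hide 192.168.1.0/24 behind whatever address ne0 currently has (0/32).
map ne0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:20000
map ne0 192.168.1.0/24 -> 0/32

# --- /etc/ipf.conf
# Default deny in both directions, logging what is dropped so the
# "log anything in the starting phase" advice can be followed.
block in log all
block out log all

# Loopback traffic is always allowed.
pass in quick on lo0 all
pass out quick on lo0 all

# Anti-spoofing: private and loopback source addresses must never
# arrive on the *external* interface. Because these rules name ne0
# only, they do not touch the 192.168.x.x block used on the inside.
block in log quick on ne0 from 192.168.0.0/16 to any
block in log quick on ne0 from 172.16.0.0/12 to any
block in log quick on ne0 from 10.0.0.0/8 to any
block in log quick on ne0 from 127.0.0.0/8 to any

# Inside hosts may open connections outward. State entries let the
# replies back in without any "pass in" rule on ne0; the matching
# "pass out" rules on ne0 are needed because state is per interface.
pass in quick on ne1 proto tcp from 192.168.1.0/24 to any flags S keep state
pass in quick on ne1 proto udp from 192.168.1.0/24 to any keep state
pass in quick on ne1 proto icmp from 192.168.1.0/24 to any keep state
pass out quick on ne0 proto tcp from any to any flags S keep state
pass out quick on ne0 proto udp from any to any keep state
pass out quick on ne0 proto icmp from any to any keep state

# Administrative access to the firewall itself, from the inside only
# (assumed inside address 192.168.1.1).
pass in quick on ne1 proto tcp from 192.168.1.0/24 to 192.168.1.1/32 port = 22 flags S keep state

# Everything else, in particular any unsolicited inbound packet on ne0,
# falls through to the default blocks above and is logged.
```

Load with `ipnat -CF -f /etc/ipnat.conf` and `ipf -Fa -f /etc/ipf.conf`, then review what ipmon logs while tuning; every blocked packet shows up there, which is the tuning loop marc describes.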
