Firewall Wizards mailing list archives

Re: Securing FreeBSD 2.1.7.1

From: Rudolf Schreiner <ras () muc de>
Date: Wed, 18 Feb 1998 20:46:08 +0300

-= ArkanoiD =- wrote:

I am thinking on "hardening" FreeBSD 2.1.7.1 system to run a firewall on
top of it.. by implementing "securelevel 3" with some system calls
disabled/wrapped - like mount, mknod.. what else? Any ideas?


I completly removed all routing code from the kernel, esp. source route. 
Of course this applies only to an application level gateway.
Then I added some additional logging of "strange" packets used for port
scanning. And last of all I used two SCSI-hardisks, a write protected
root disk for executables and configuration, and  a r/w /var for
spooling and logging. IIRC (I made this years ago, on FreeBSD 2.1, and
don't have the source handy) the problem was that a entry in /dev had to
be made at boot time, but /dev was on the write protected boot disk. So
I moved the device to /var/dev.

Rudi

Current thread:

Securing FreeBSD 2.1.7.1 -= ArkanoiD =- (Feb 18)
- Re: Securing FreeBSD 2.1.7.1 Rudolf Schreiner (Feb 18)
- Re: Securing FreeBSD 2.1.7.1 marc (Feb 18)
- <Possible follow-ups>
- Securing FreeBSD 2.1.7.1 tqbf (Feb 18)