Firewall Wizards mailing list archives
Re: OpenBSD NAT/Gateway/Firewall script
From: m p <sumirati () yahoo de>
Date: Wed, 20 Jun 2001 20:36:44 +0200 (CEST)
Matt, you can adopt the schemes outlined in the how-tos. There is no _definite_ ruleset for a firewall. Not even for a particular system. _You_ always have to choose which services have to be enabled and which not. And hardening the system. Perhaps implementing a proxy for different services. Implementing an Intrusion Detection System ... continue the list as you like.

1. Be sure you know your protocols. It will be annoying at first, but your learning rate will be much higher if you know your different handshakes, ports etc.
2. Be sure you understand your firewall kit. If it is ipfilter (which is no longer integrated into OpenBSD due to license issues) or something completely different.
3. Understand the programs you are running. Look for exploits. Perhaps test the code yourself (there are some tools out there which help you with this).

Now to your script. Do it yourself. Try installing a snort (or something similar) in parallel, so you can see attacks. Log anything in the starting phase. Tune your rules. There are some articles at daemonnews about ipfw. Adopt the idea behind it and translate it to ipfilter.

And most of all: Have fun.

marc

--- Matt Simonsen <matt () careercast com> wrote:
> I have been reading up on OpenBSD firewalls, but most of the how-tos I
> have seen assume you have 3 real network blocks to work with and at
> times filter the very blocks (192.168.x.x) I am working with. I am
> having a little bit of trouble getting strong rule sets to work... I
> can make NAT and simple rule sets work, but I want something that is
> super secure and filters everything not needed. I know there must be
> people out there that have set up OpenBSD gateway boxes with 2 NICs,
> one using a real IP, one using an internal, with a strong rule set. If
> you have one you could forward to me or point me to some web sites
> with this, it would be much appreciated.
>
> Matt Simonsen
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://www.nfr.com/mailman/listinfo/firewall-wizards