Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1999_2

NFR Wizards Archive: Re: Configuring a firewall under Unix

Re: Configuring a firewall under Unix

chuck yerkes (fwwizyerkes.com)
Thu, 3 Jun 1999 18:08:57 -0700

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: chuck: "Re: IMAP- how to protect a server?"
Previous message: Ge' Weijers: "Re: Interesting DNS Traffic -Reply -Reply"
In reply to: Einar EINARSSON: "Re: Interesting DNS Traffic -Reply -Reply"
Next in thread: Frank W. Keeney: "RE: Configuring a firewall under Unix"

There are some firewall books - OReilly's has a practical one, and
Cheswick and Bellovin have the more theoretical one. The latter was
THE documentation of good principles.

Steven's and Comer's (pick one set) TCP/IP books are good to know.
Design and Implemenation of 44BSD is an interesting read.

There are lists. Greatcircle has the large one, hit their majordomo
server for it.

You can put a toolkit in, you can setup ipfilter. Now you have proxies
and filtering on an unsecure machine.

I've said it before. To build and run a secure firewall you need
to know the operating system really, really well. In your case,
FreeBSD (me? I lean towards Openbsd). But either way, you have
to know the system and Unix really thoroughly. Can I emphasize it
more? I'd expect my admins to be able to rewrite all the rc files
from memory (or come close).

It's easy to build a box that sort of looks like a firewall, but WHOA!
there's a big ass hole because you don't know that rpcs were still
running and your rpc server proxies for you (how nice). What's an
RPC? Go buy a vendors firewall.

Wanna learn? Well, you'll make mistakes. Don't bet the farm on what
you build for the first couple years. Once you really know what you're
doing, say after a year or so, then you are at the beginning.

chuck

Quoting David Rainville (lrainvilleyahoo.com):
>
> Hi everyone!
>
> I'm sure glad to be registered to this mailing list! Everyone is very
> clever! I just started the unix World a few months ago and decided to
> put my FreeBSD box on the internet. But before doing this, I decided to
> protect myself against the outside malicious world so I decided to
> install a firewall. My question is .. is there someone or a doc file
> which explains how to configure from a to z a firewall including the
> program installation? Any config example is welcome.. linux or
> freebsd.. I have two boxes..
>
> Thank you in advance!
>
> David Rainville
> lrainvilleyahoo.com
> _________________________________________________________
> Do You Yahoo!?

No, in fact I don't.

Next message: chuck: "Re: IMAP- how to protect a server?"
Previous message: Ge' Weijers: "Re: Interesting DNS Traffic -Reply -Reply"
In reply to: Einar EINARSSON: "Re: Interesting DNS Traffic -Reply -Reply"
Next in thread: Frank W. Keeney: "RE: Configuring a firewall under Unix"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:59 CDT