*BSD News Article 89007



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.ececs.uc.edu!newsfeeds.sol.net!europa.clark.net!arclight.uoregon.edu!news-m01.ny.us.ibm.net!news-s01.ny.us.ibm.net!not-for-mail
From: Jan Walter <jnwal@ibm.net>
Newsgroups: comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc
Subject: Re: Free firewall?
Date: Fri, 14 Feb 1997 10:48:09 -0800
Organization: Centurion Services
Lines: 56
Message-ID: <3304B369.65DB687B@ibm.net>
References: <330333EF.48C8@usa.net>
NNTP-Posting-Host: slip129-37-177-200.bc.ca.ibm.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 2.01 (X11; I; Linux 2.0.27 i586)
To: myorke@usa.net
Xref: euryale.cc.adfa.oz.au comp.os.linux.misc:158015 comp.os.linux.networking:68264 comp.unix.bsd.freebsd.misc:35394

Mike Yorke wrote:
> 
> Hi,
> 
> I'm looking into setting up a firewall for our network since we'll be
> getting a dedicated connection to the Internet.  Since my company is a
> non-profit organization, we don't want to sink $10-$20K into something.
> Is there any "free" firewall software out there that would run under
> FreeBSD or Linux?  And if so, does the "you get what you pay for" factor
> weigh heavily with this free firewall?  Also, can you point me towards
> any good references on UNIX-based firewalls?  I'd like to learn more
> about this subject.
> 
> Thanks in advance!
> 
> Mike


Firewalling is built into Linux as well. Toolkits and other stuff
basically extend or complement that capability.

Linux can also translate network addresses at the kernel level, where
every system behind the Linux box actually accesses the net using the
Linux box's IP address. It's just an extension of the firewalling
function.

Then again, if you configure your client systems properly (i.e. set up
win95/NT/OS2 so that they provide no services or information over the
TCP/IP protocol) they should be quite safe on their own. The problem
with that is of course that any luser can just come by and re-enable it
on their system and become vulnerable.

Treat internet connections like telnet, portmap and ftp like phone lines
- the cracker can't get in if no one answers the call.

Then all you have to do is set up FreeBSD or Linux as a router and mail
(POP3) server and leave it be.


As far as references go, most of those are platform-specific. I'd start
with Altavista and the following simple query term: "firewall +linux"
or "firewall +freebsd". If I wasn't satisfied I'd follow through with a
trip to the local book store...


Cheers,

Jan
-- 
facts below, opinion above.
// Centurion Services
// Quality from the Start
// Fax: (604) 279-1800
// email: censvc@ibm.net
// http://www.ipipeline.net/centurion
// NOW HIRING: http://www.ipipeline.net/centurion/jobs
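
The "no one answers the call" point in the reply above, as an added example that is not part of the original post: a Python check that reads a listing in Linux /proc/net/tcp layout and reports which TCP listeners are reachable from other hosts, flagging the three services the post names. The sample rows are constructed, and the IPv4 decoding assumes a little-endian (x86) host.

```python
import ipaddress
import socket
import struct

# Services the post names as "phone lines" that should not be answered.
NAMED_SERVICES = {21: "ftp", 23: "telnet", 111: "portmap"}
TCP_LISTEN = "0A"  # st column value for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A01A8C0:006E 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1004
   4: 0A01A8C0:0017 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1005
"""

def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (ip, port); IPv4 is stored little-endian on x86."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)

def listeners(proc_net_tcp):
    """Yield (ip, port) for every socket in LISTEN state."""
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # established or other non-listening sockets
        yield decode_addr(cols[1])

def audit(proc_net_tcp):
    """Return listeners reachable from other hosts, with the post's services named."""
    findings = []
    for ip, port in listeners(proc_net_tcp):
        if ipaddress.ip_address(ip).is_loopback:
            continue  # only local processes can "call" this socket
        findings.append((ip, port, NAMED_SERVICES.get(port, "other")))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for ip, port, name in audit(SAMPLE):
        print(f"{ip}:{port} answers remote calls ({name})")
```

On a live Linux host, pass the contents of /proc/net/tcp to `audit()` in place of `SAMPLE`.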