Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.ececs.uc.edu!newsfeeds.sol.net!europa.clark.net!arclight.uoregon.edu!news-m01.ny.us.ibm.net!news-s01.ny.us.ibm.net!not-for-mail From: Jan Walter <jnwal@ibm.net> Newsgroups: comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc Subject: Re: Free firewall? Date: Fri, 14 Feb 1997 10:48:09 -0800 Organization: Centurion Services Lines: 56 Message-ID: <3304B369.65DB687B@ibm.net> References: <330333EF.48C8@usa.net> NNTP-Posting-Host: slip129-37-177-200.bc.ca.ibm.net Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: Mozilla 2.01 (X11; I; Linux 2.0.27 i586) To: myorke@usa.net Xref: euryale.cc.adfa.oz.au comp.os.linux.misc:158015 comp.os.linux.networking:68264 comp.unix.bsd.freebsd.misc:35394 Mike Yorke wrote: > > Hi, > > I'm looking into setting up a firewall for our network since we'll be > getting a dedicated connection to the Internet. Since my company is a > non-profit organization, we don't want to sink $10-$20K into something. > Is there any "free" firewall software out there that would run under > FreeBSD or Linux? And if so, does the "you get what you pay for" factor > weigh heavily with this free firewall? Also, can you point me towards > any good references on UNIX-based firewalls? I'd like to learn more > about this subject. > > Thanks in advance! > > Mike Firewalling is built into linux as well. Toolkits and other stuff basically extend or complement that capability. Linux can also translate network addresses at the kernel level, where every system behind the linux box actually accesses the net using the linux box's IP address. It's just an extension of the firewalling function. Then again, if you configure your client systems properly (i.e. set up win95/NT/OS2 so that they provide no services or information over the TCP/IP protocol) they should be quite safe on their own. The problem with that is of course that any luser can just come by an re-enable it on their system and become vulnerable. Treat internet connections like telnet, portmap and ftp like phone lines - the cracker can't get in if no one answers the call. Then all you have to is set up FreeBSD or Linux as a router and mail (POP3) server and leave it be. As far as references go, most of those are platform-specific. I'd start with Altavista and the following simple query term: "firewall +linux" or "firewall +freebsd". If I wasn't satisfied I'd follow though with a trip to the local book store... Cheers, Jan -- facts below, opinion above. // Centurion Services // Quality from the Start // Fax: (604) 279-1800 // email: censvc@ibm.net // http://www.ipipeline.net/centurion // NOW HIRING: http://www.ipipeline.net/centurion/jobs