FreeBSD comes with a superb firewalling tool called ipfw. It's very flexible and has tons of options, yet it's pretty easy to use and set up. Now we're going to discuss how to set up a firewall for a workstation connected to the internet through a dial-up connection (that's what I have at home); however, you can use this document for other connection types too.
First of all you have to reconfigure your kernel. If you don't know how to do that, check in the FreeBSD handbook.
Edit your own kernel and add the following lines.
Now all you have to do is recompile the kernel. But don't reboot yet. We still need to make some changes in /etc/rc.conf.
Open /etc/rc.conf in your favorite text editor and add these lines.
Now, if you are a dial-up user you might have natd enabled either in your rc.conf file or in your ppp.conf file. Disable it by adding/modifying this line in rc.conf:
ppp_nat="NO"
Now let's get down to the firewall rules. Create the /etc/firewall/ directory and start editing the ipfw.rules file (or whatever you added to rc.conf) - example.
That's all. Now reboot your machine. In order to check if the firewall was loaded type:
ipfw show
You should see the firewall rules you just made. Now your firewall is up and running, protecting you from the outside world. If you want to disable your firewall do:
ipfw -f flush
This removes every rule you added; the kernel's built-in default rule stays in place, so if that default is deny, all traffic is blocked until you load rules again.
The great thing about ipfw is that you can add rules on the fly. All you have to do is type:
ipfw add Rule_Number Rule
The Rule_Number is important because ipfw evaluates the rules in ascending rule-number order, and the first rule that matches a packet decides what happens to it. For more advanced ipfw rules read the man page.
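A small stateful ruleset for the dial-up workstation described above, as an added example; it is not the article's own ipfw.rules file. It assumes the file is run as a shell script (for instance through firewall_script in rc.conf) and that the ppp interface is tun0; the rule numbers are constructed for this example and are not the article's.

```shell
#!/bin/sh
# Added example ruleset (constructed; not the article's own rules file).
# Dry run by default: each command is printed instead of executed.
# On the FreeBSD machine, run with IPFW=/sbin/ipfw to load the rules.
IPFW="${IPFW:-echo ipfw}"
OIF="${OIF:-tun0}"    # assumption: dial-up interface created by ppp

load_rules() {
    # Start from an empty rule list.
    $IPFW -q -f flush

    # Loopback: allow local traffic, and drop packets that claim a
    # 127/8 address but arrive on any other interface (spoofing).
    $IPFW -q add 1000 allow ip from any to any via lo0
    $IPFW -q add 1010 deny ip from any to 127.0.0.0/8
    $IPFW -q add 1020 deny ip from 127.0.0.0/8 to any

    # Stateful part: check-state goes before the rules that create
    # state, so replies to our own connections are accepted here.
    $IPFW -q add 2000 check-state
    $IPFW -q add 2010 allow tcp from me to any out via "$OIF" setup keep-state
    $IPFW -q add 2020 allow udp from me to any out via "$OIF" keep-state
    $IPFW -q add 2030 allow icmp from me to any out via "$OIF" keep-state

    # Everything else, including unsolicited inbound connections, is
    # dropped. Rules are checked in ascending number order, so this
    # catch-all has the highest number and is reached last.
    $IPFW -q add 65000 deny ip from any to any
}

load_rules
```

Inserting a rule later with a number above 65000 would have no effect, because the catch-all deny matches first.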
Testing your security
OK, now you have a pretty secure workstation that you can safely connect to the internet. But how can you know that for sure? Test it.
Testing the firewall
For this operation you'll probably need a friend's help, because your firewall was configured to allow localhost connections. Of course you could run something like:
ipfw del 120
ipfw del 130
ipfw del 140
Or whatever the numbers of the rules that allow localhost connections are. Either way you have to find a way to be "outside" the firewall.
Now ask a friend to run an nmap scan against your machine, or do it yourself (you can install nmap on FreeBSD from /usr/ports/security/nmap). The command should be something like:
nmap -v -O -sS your.host.com