Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

Thread Tools Display Modes
  #1   (View Single Post)  
Old 9th June 2011
unixjingleman unixjingleman is offline
Fdisk Soldier
Join Date: Jan 2011
Posts: 70
Default IPFW and sysctl variables questions

I'm wanting to write a simple firewall for my bastion host(mail server). In Linux you can enable source address verification as a sysctl variable. This defeats some spoofing attacks. Does "source address verification" have to be done in IPFW or is there a sysctl variable for for this? Also which icmp messages would you recommend dropping?(for the moment i don't have time to set up snort, so i want as little traffic as possible getting through)
How would you recommend dealing with fragmented packets, bearing in mind that the only other firewall in front of this mail server is my border router(Internet gateway)?
Thanks for any advice
Reply With Quote
  #2   (View Single Post)  
Old 12th June 2011
nilsgecko's Avatar
nilsgecko nilsgecko is offline
Port Guard
Join Date: Apr 2011
Location: Chicago, USA
Posts: 45

You don't have to set a sysctl for source checking with IPFW. You can do:
Off the top of my head,

ipfw add 00010 deny log ip from any to any not verrevpath

At the beginning which I believe does the same thing? Please anyone correct me if I'm wrong. The info is in the man page too.

As far as icmp types, check out this website for an example ruleset where the author explains which ones he's allowed etc.

Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
sysctl.conf settings not loading on boot Kuboaa FreeBSD General 2 18th November 2010 08:35 AM
Dereferencing sh variables J65nko Programming 3 29th January 2010 02:34 AM
sysctl and cpu information and temperature neurosis FreeBSD General 11 22nd October 2008 09:16 PM
Get sysctl value from a C program DNAeon FreeBSD Ports and Packages 3 29th September 2008 07:28 PM
passing make args/variables to builds of prerequisite ports jbhappy FreeBSD Ports and Packages 2 18th July 2008 02:35 PM

All times are GMT. The time now is 03:07 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick