nixCraft Linux Forum

OPEN BSD 3.9 Firewall

#1 (permalink)
HawaiiMan08, 02-08-2008, 04:47 AM
OPEN BSD 3.9 Firewall

New to the nixCraft forum. We have an OpenBSD 3.9 firewall in place and it works fine. We have full access with L & P and would like to learn more on the OS side from someone who has experience with firewall setup and operations. All thread posts will be appreciated.

#2 (permalink)
rockdalinux, 02-08-2008, 05:34 AM

Hi,

Welcome to the forum!

Do you have any specific question or problem regarding the PF firewall? Do you need information about a specific topic?

BTW, OpenBSD 4.3 is the stable version.
__________________
Rocky Jr.
What's wrong? I hope I am not making you uncomfortable...

Never send a boy to do a mans job.

#3 (permalink)
HawaiiMan08, 02-08-2008, 06:32 AM
OpenBSD 3.9 Firewall

Specifically we would like to do the following:

1. Monitor incoming traffic and see the logs.
2. Be able to connect additional servers to the Internet via Port 80.
3. To open and close new ports.
4. To update OpenBSD.
5. To see incoming mail and re-direct alerts to admin or an email address.

We need a full evaluation of the current setup and to activate other features that I believe are available in OpenBSD for more effective management.

#4 (permalink)
rockdalinux, 02-08-2008, 01:48 PM

Quote:
Originally Posted by HawaiiMan08
1. Monitor incoming traffic and see the logs.

/var/log/pflog is the default binary log file. To monitor traffic in real time, type:
Code:
tcpdump -n -e -ttt -i pflog0

To view the log file:
Code:
tcpdump -n -e -ttt -r /var/log/pflog

However, you need to log traffic using the log keyword. For example, to log all UDP port 53 traffic you may enter something as follows:
Code:
pass in log (all) on em1 inet proto udp from any to any port 53 keep state

Quote:
Originally Posted by HawaiiMan08
2. Be able to connect additional servers to the Internet via Port 80.

One port can be used by one server at a time. So port 80 can be used by Apache. What do you mean by connect additional servers via port 80?

Quote:
Originally Posted by HawaiiMan08
3. To open and close new ports.

You need to use the following rules to open a port, 80 or 22:
Code:
# Open HTTP port
pass in on $ext_if proto tcp from any to any port 80 flags S/SA synproxy state
# Open SSH port
pass in on $ext_if proto tcp from any to any port 22 flags S/SA synproxy state

Quote:
Originally Posted by HawaiiMan08
4. To update OpenBSD.

15 - The OpenBSD packages and ports system

Quote:
Originally Posted by HawaiiMan08
5. To see incoming mail and re-direct alerts to admin or a email address.

You can see it via the log file located in the /var/log directory. Usually, it is /var/log/maillog.
Code:
tail -f /var/log/maillog

Try the following resources for further information:
PF Firewall
  1. PF: The OpenBSD Packet Filter
  2. https://calomel.org/pf_config.html
  3. man pages pf, pf.conf, pfctl
  4. Book - The Book of PF - A No-Nonsense Guide to the OpenBSD Firewall
  5. Book - Absolute OpenBSD
  6. Building Firewalls with OpenBSD and PF

If you have more questions, just reply back.

HTH
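
An added example, not part of the original posts: a shell function that condenses the text printed by `tcpdump -n -e -ttt -r /var/log/pflog` into per-action, per-interface, per-destination-port counts, so repeated blocks stand out. The function names and the sample lines are constructed; the line shape is an assumption modelled on the pflog header that `-e` prints, and only IPv4 addresses are handled.

```shell
#!/bin/sh
# Summarise pflog text output by action, direction, interface and destination port.
# Assumed line shape (constructed; follows the pflog header tcpdump prints with -e):
#   <timestamp> rule N/(match) <action> <dir> on <if>: <src>.<sport> > <dst>.<dport>: ...

pflog_summary() {
    LC_ALL=C awk '
    {
        # Find the pflog header by keyword so the timestamp width does not matter.
        for (i = 1; i <= NF; i++) if ($i == "rule") break
        if (i > NF) next                         # not a pflog line, skip it
        action = $(i + 2); dir = $(i + 3)
        iface = $(i + 5); sub(/:$/, "", iface)
        dst = $(i + 8);   sub(/:$/, "", dst)
        n = split(dst, p, ".")
        port = (n == 5) ? p[5] : "-"             # IPv4 a.b.c.d.port; "-" when no port (ICMP)
        count[action " " dir " " iface " " port]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input (documentation address ranges), not real log data.
sample_pflog() {
cat <<'EOF'
Feb 08 13:40:01.100001 rule 3/(match) pass in on em1: 192.0.2.10.53211 > 198.51.100.2.53: 4242+ A? example.org. (29)
Feb 08 13:40:02.100002 rule 3/(match) pass in on em1: 192.0.2.11.40000 > 198.51.100.2.53: 4243+ A? example.net. (29)
Feb 08 13:40:03.100003 rule 0/(match) block in on em0: 203.0.113.7.51000 > 198.51.100.2.23: S 1:1(0) win 5840
Feb 08 13:40:04.100004 rule 0/(match) block in on em0: 203.0.113.7.51001 > 198.51.100.2.23: S 2:2(0) win 5840
Feb 08 13:40:05.100005 rule 0/(match) block in on em0: 203.0.113.7.51002 > 198.51.100.2.23: S 3:3(0) win 5840
Feb 08 13:40:06.100006 rule 5/(match) pass in on em0: 203.0.113.9.52000 > 198.51.100.2.80: S 4:4(0) win 65535
Feb 08 13:40:07.100007 rule 0/(match) block in on em0: 203.0.113.7 > 198.51.100.2: icmp: echo request
EOF
}

sample_pflog | pflog_summary
```

On the firewall itself the same function can be fed from the real log with `tcpdump -n -e -ttt -r /var/log/pflog | pflog_summary`; only traffic matched by a rule carrying the log keyword will appear.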

All times are GMT +5.5.