
Thread: OPEN BSD 3.9 Firewall

  1. #1
    Junior Member
    Join Date
    Jul 2008
    Location
    Honolulu, Hawaii
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default OPEN BSD 3.9 Firewall

    New to the nixCraft forum. We have an OpenBSD 3.9 firewall in place and it works fine. We have full access with L & P and would like to learn more on the OS side from someone who has experience with firewall setup and operations. All thread posts will be appreciated.

  2. #2
    Is that all you got? rockdalinux's Avatar
    Join Date
    May 2005
    Location
    Planet Vegeta
    Posts
    987
    Thanks
    27
    Thanked 71 Times in 62 Posts
    Rep Power
    19

    Default

    Hi,

    Welcome to the forum!

    Do you have any specific question or problem regarding the PF firewall? Do you need information about a specific topic?

    BTW, OpenBSD 4.3 is the stable version.
    Rocky Jr.
    What's wrong? I hope I am not making you uncomfortable...

    Never send a boy to do a mans job.

  3. #3
    Junior Member
    Join Date
    Jul 2008
    Location
    Honolulu, Hawaii
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Default OpenBSD 3.9 Firewall

    Specifically we would like to do the following:

    1. Monitor incoming traffic and see the logs.
    2. Be able to connect additional servers to the Internet via Port 80.
    3. To open and close new ports.
    4. To update OpenBSD.
    5. To see incoming mail and re-direct alerts to admin or an email address.

    We need a full evaluation of the current setup and to activate other features that I believe are available in OpenBSD for more effective management.

  4. #4
    Is that all you got? rockdalinux's Avatar
    Join Date
    May 2005
    Location
    Planet Vegeta
    Posts
    987
    Thanks
    27
    Thanked 71 Times in 62 Posts
    Rep Power
    19

    Default

    Quote Originally Posted by HawaiiMan08 View Post
    1. Monitor incoming traffic and see the logs.
    /var/log/pflog is the default binary log file. To monitor traffic in real time, type:
    Code:
    tcpdump -n -e -ttt -i pflog0
    To view the log file:
    Code:
    tcpdump -n -e -ttt -r /var/log/pflog
    However, you need to log traffic using the log keyword. For example, to log all UDP port 53 traffic, you may enter something as follows:
    Code:
    pass in log (all) on em1 inet proto udp from any to any port 53 keep state
    Quote Originally Posted by HawaiiMan08 View Post
    2. Be able to connect additional servers to the Internet via Port 80.
    One port can be used by one server at a time. So port 80 can be used by Apache. What do you mean by connect additional servers via port 80?
    Quote Originally Posted by HawaiiMan08 View Post
    3. To open and close new ports.
    You need to use the following rules to open a port, for example 80 or 22:
    Code:
    # Open HTTP port
    pass in on $ext_if proto tcp from any to any port 80 flags S/SA synproxy state
    # Open SSH port
    pass in on $ext_if proto tcp from any to any port 22 flags S/SA synproxy state
    Quote Originally Posted by HawaiiMan08 View Post
    4. To update OpenBSD.
    15 - The OpenBSD packages and ports system
    Quote Originally Posted by HawaiiMan08 View Post
    5. To see incoming mail and re-direct alerts to admin or an email address.
    You can see it via the log file located in the /var/log directory. Usually, it is /var/log/maillog.
    Code:
    tail -f /var/log/maillog
    Try the following resources for further information:
    PF Firewall
    1. PF: The OpenBSD Packet Filter
    2. https://calomel.org/pf_config.html
    3. man pages pf, pf.conf, pfctl
    4. Book- The Book of PF - A No-Nonsense Guide to the OpenBSD Firewall
    5. Book - Absolute OpenBSD
    6. Building Firewalls with OpenBSD and PF


    If you have more questions, just reply back.

    HTH
    Rocky Jr.
    What's wrong? I hope I am not making you uncomfortable...

    Never send a boy to do a mans job.
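
A minimal pf.conf that puts the rules from the answer above into one loadable ruleset, as an added example that is not part of the original thread. The em1 value for ext_if, the default block policy, the scrub and loopback lines and the outbound rule are assumptions for illustration.

```conf
# /etc/pf.conf (constructed example, not the poster's ruleset)

# Macro used by the pass rules; em1 is an assumed external interface name
ext_if = "em1"

# Do not filter traffic on the loopback interface
set skip on lo

# Normalize incoming packets before filtering
scrub in all

# Default policy (assumption): drop inbound traffic on the external
# interface and log it, so dropped packets appear on pflog0 and in
# /var/log/pflog
block in log on $ext_if all

# Outbound traffic (assumption): allow and track state explicitly
pass out on $ext_if inet proto { tcp, udp, icmp } all keep state

# Log inbound DNS; "log (all)" records every packet of the connection,
# plain "log" records only the packet that creates the state
pass in log (all) on $ext_if inet proto udp from any to any port 53 keep state

# Open HTTP and SSH. "synproxy state" makes pf complete the TCP handshake
# itself before passing the connection to the server; it already includes
# the behaviour of "keep state" and "modulate state"
pass in on $ext_if inet proto tcp from any to any port { 80, 22 } flags S/SA synproxy state
```

Check the file with `pfctl -nf /etc/pf.conf` (parse only, nothing is loaded) before loading it with `pfctl -f /etc/pf.conf`; `pfctl -sr` then lists the active rules.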
