Special Forums > Cybersecurity > Firewall Implementation - Recommendations
Post 302090083 by DraconianTimes, Friday 22 September 2006, 10:26:06 AM
Quote:
Originally Posted by pathological
But yes, it does go from Internet > Modem > Firewall (Hardware) > *.*.2.* Network. We have 2 outs from the firewall; the other one goes into another 2 network switch. (Replication) ... We get blasted with viruses like nobody's business, well we are BETTER now that we have some new firewall policies in place ... statistics are more important, that is what my bosses care about when they sign off on buying this stuff.
Well, OpenBSD is free, so that price is always a winner in my book! As for hardware, this is of course dependent on the number of packets / size of the pipe you've got connected. An old Pentium box will handle T1 speeds with relative ease. After you've read up on the basics of OpenBSD and pf, check out CARP - this allows you to have redundant OpenBSD firewalls which fail over in the event of a problem, and it is very configurable.

From what you described above, it sounds like you're trying to achieve redundancy through a partial mesh... It is worth remembering that the "hardware firewall", modem and link to the ISP are all single points of failure which could make all your other efforts moot. BTW, what is this other hardware firewall? The diagram below shows how you might get OpenBSD/pf/CARP in place... but it also shows your single points of failure!

[Image: network diagram of the proposed OpenBSD/pf/CARP layout]

Also, what measures are you taking to inspect traffic for malicious types? Are you running some form of mail/web inspection (MAILSweeper/WEBSweeper or maybe squid/postfix with clamav?)

Nick
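As an added illustration of the pf/CARP/pfsync pair Nick recommends (this is example configuration written for this page, not code from Nick's post or from the OpenBSD project), the fragments below sketch two OpenBSD firewalls sharing one LAN gateway address and one WAN address, with their state tables replicated over a dedicated crossover link. Everything specific is assumed for the example: the interface names em0/em1/em2, the 192.168.2.0/24 LAN address range standing in for the "*.*.2.*" network, the TEST-NET-3 WAN block 203.0.113.0/29, the VHIDs and the CARP passwords. The pf.conf uses current OpenBSD syntax; the 2006-era NAT form is noted inline.

```conf
# Added example (not from the original post): two-node OpenBSD pf + CARP + pfsync.
# em0 = toward the modem/ISP, em1 = the LAN, em2 = crossover link between the
# two firewalls carrying only pfsync. All names, addresses and secrets are assumed.

# ===== Firewall A (preferred master) =====

# /etc/sysctl.conf
net.inet.ip.forwarding=1     # this box routes between em0 and em1
net.inet.carp.preempt=1      # if any CARP interface fails, surrender all of them together

# /etc/hostname.carp0  -- shared LAN gateway address (assumed 192.168.2.1)
inet 192.168.2.1 255.255.255.0 192.168.2.255 vhid 1 carpdev em1 pass LanCarpSecret advskew 0

# /etc/hostname.carp1  -- shared WAN address (assumed 203.0.113.2/29)
inet 203.0.113.2 255.255.255.248 203.0.113.7 vhid 2 carpdev em0 pass WanCarpSecret advskew 0

# /etc/hostname.pfsync0 -- replicate the pf state table over the crossover link
up syncdev em2

# ===== Firewall B (backup) =====
# Identical files, except "advskew 100" in both hostname.carp* files, so that
# A wins the master election whenever it is healthy. Same vhid and pass values.

# ===== /etc/pf.conf (identical on both nodes) =====
ext_if  = "em0"
int_if  = "em1"
sync_if = "em2"
lan     = "192.168.2.0/24"
wan_vip = "203.0.113.2"      # the CARP address, NOT em0's own address

set skip on { lo $sync_if }  # crossover link carries only pfsync; leave it unfiltered

# CARP advertisements must pass, or both nodes will believe they are master
pass quick on { $ext_if $int_if } proto carp

# NAT to the shared address so replicated states stay valid after a failover.
# (2006-era pf, OpenBSD 4.0, writes this as:
#   nat on $ext_if from $lan to any -> $wan_vip)
match out on $ext_if from $lan to any nat-to $wan_vip

block log all                # default deny, logged to pflog0

pass in  on $int_if from $lan to any
pass out on $ext_if
```

Before loading, check the syntax with `pfctl -nf /etc/pf.conf`, then load with `pfctl -f /etc/pf.conf`. `ifconfig carp0` shows whether a node is master or backup, and `pfctl -ss` on B should list the same states as A once pfsync is up. A realistic failover test is to run a long SSH session through the pair and take A's CARP interface down (`ifconfig carp0 down` on A): with preempt set, both VHIDs move to B and the session survives because its state was already replicated. The NAT choice matters here: if the source were rewritten to em0's physical address rather than the CARP address, the synced states would reference an address B does not own and every connection would drop on failover.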
 

fwbuilder(1)                     Firewall Builder                    fwbuilder(1)

NAME
       fwbuilder - Multiplatform firewall configuration tool

SYNOPSIS
       /usr/bin/fwbuilder [-f file.fwb] [-d] [-h] [-o file] [-P object_name] [-r] [-v]

DESCRIPTION
       fwbuilder is the Graphical User Interface (GUI) component of Firewall
       Builder. Firewall Builder consists of a GUI and a set of policy
       compilers for various firewall platforms. It helps users maintain a
       database of objects and allows policy editing using simple
       drag-and-drop operations. The GUI generates the firewall description in
       the form of an XML file, which the compilers then interpret to generate
       platform-specific code. Several algorithms are provided for automated
       network object discovery and bulk import of data. The GUI and policy
       compilers are completely independent; this provides for a consistent
       abstract model and the same GUI for different firewall platforms.
       Firewall Builder supports firewalls based on iptables (Linux kernel
       2.4.x and 2.6.x, see fwb_ipt(1)), ipfilter (a variety of platforms
       including *BSD, Solaris and others, see fwb_ipf(1)), pf (OpenBSD and
       FreeBSD, see fwb_pf(1)), ipfw (FreeBSD and others), Cisco PIX (v6.x and
       7.x) and Cisco IOS extended access lists.

OPTIONS
       -f FILE
              Specify the name of the file to be loaded when the program starts.

       -r     When this option is given in combination with -f file, the
              program automatically opens the RCS head revision of the file if
              the file is in RCS. If the file is not in RCS, this option does
              nothing and the file is opened as usual.

       -d     Turns on debug mode. Note that in this mode the program
              generates a lot of output on standard error. This is used for
              debugging.

       -h     Prints a brief help message.

       -o file
              Specify the name of the file for the print output; see option -P.

       -P object_name
              Print rules and objects for the firewall object "object_name"
              and immediately exit. The program does not go into interactive
              mode. Print output is placed in the file specified with the -o
              option. If no file name is given with -o, print output is stored
              in the file "print.pdf" in the current directory.

FILES
       $HOME/.qt/firewallbuilder2rc
              Fwbuilder v2.1 stores user preferences in this file.

       $HOME/.config/netcitadel.com/Firewall Builder.conf
              Fwbuilder v3.0 stores user preferences in this file.

URL
       The Firewall Builder home page is located at http://www.fwbuilder.org/

BUGS
       Please report bugs using the bug tracking system on SourceForge:
       http://sourceforge.net/tracker/?group_id=5314&atid=105314

SEE ALSO
       fwblookup(1), fwb_ipt(1), fwb_ipf(1), fwb_pf(1)

FWB                                                                 fwbuilder(1)
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.