Hello all. I would like to find out how to set up a simple firewall for my OpenBSD machine. Not NAT/Router or anything like that. Links and/or advice are appreciated.
Thanks for the link but what I was looking for is some simple examples not a manual on how to do everything. I already looked there and couldn't figure it out. That is why I posted here.
I would have to believe that someone is doing the same thing that I want to do and can provide their experience.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
jeempc, that second link has a very small example shown completely at the bottom of the page, with each part of it explained above. If that is not simple enough for you, then you must say exactly what you're looking for and why the example above is not what you want. It really is extremely simple.
Protect one machine and only allow ssh and http.
Sorry about being so vague. I am used to Linux where there are many canned scripts for a basic setup.
Jeempc
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Well, that's a major difference between BSD and Linux. In the BSD OSs, the documentation is extremely good and they provide good examples in the man pages and on-line documentation, so it's easy to understand and you can write your own (with the bonus of you knowing why it works the way it does).
For the most part, Linux distributions have rather poor documentation, but a lot of people post their config files for other people to blindly download and use. The end result is that many Linux users don't end up knowing why their services work the way they do, and in particular don't understand how their firewall works. That's bad!
For something as important as security, you should understand how everything works so you know what to change and what effect it will have if you do change something. You should attempt to learn how packet filtering works in the BSD operating systems rather than just ask for someone to give you rules. I could give you a config file that would work, but you would have to trust me that I didn't purposely leave a vulnerability that I could exploit later, and if you ever wanted to change anything with it more than likely you would ask me instead of changing it yourself.
I suggest that you take the time to read the Home or Small Office example that was pointed out to you above. The example shows 3 local machines, but it still applies to what you want. If you actually read the example, you would see that SSH connections are allowed from the outside to the firewall, and HTTP requests are redirected to COMP3 in the example. If you want SSH and HTTP to go to a machine behind the firewall, then change the SSH rule to look like the HTTP rule. If your SSH and HTTP servers are both on the same machine as the firewall, then change the HTTP rule to look like the SSH rule.
All the BSD packet filter languages (IPF, IPFW, PF) are written in "natural language", so there should be no problem at all comprehending them if you take the time to read the documentation.
Thanks. I appreciate the concern for security. It is funny because I couldn't get anywhere on Google except long explanations about packet filtering.
I will take the time to learn it the right way--I was going to anyways, I just wanted a framework to get started.
Thanks for explaining how the BSD community works.
It will save me from asking other questions that get the RTFM responses.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Read the FAQ that was linked all the way near the top of this thread, and also read the pf.conf man page [pf.conf(5)]. Those will explain what you need to know to set up a firewall with OpenBSD. pf.conf(5) shows all the possible options to use, so it gives you ideas of other rules you could set up. You should also read pfctl(8) (to see how to manipulate PF from the command line), pflogd(8) (for instructions on setting up logging), and ftp-proxy(8) (for an explanation of how PF handles FTP traffic).
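For the single-host case raised in this thread (SSH and HTTP served by the machine that runs PF, with no NAT or routing), a minimal ruleset can look like the following. It is an added example, not posted by anyone in the thread and not taken from the OpenBSD documentation; the interface name `em0` and the macro names are assumptions.

```conf
# /etc/pf.conf - one host running its own SSH and HTTP servers (no NAT, no routing)
# Constructed example. "em0" is an assumed interface name; use the one ifconfig shows.
ext_if = "em0"

# Services reachable from outside; the names are resolved through /etc/services.
tcp_services = "{ ssh, www }"

# Do not filter traffic on the loopback interface.
set skip on lo

# Default deny: drop everything not explicitly passed below, and log the drops.
block log all

# Let the host open its own outbound connections. Pass rules keep state by
# default, so replies to these connections are matched and allowed back in.
pass out on $ext_if all

# Inbound: only new TCP connections to the listed services on this host's address.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services
```

Check the file without loading it with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and list the active rules with `pfctl -sr`. Packets dropped by the `block log` rule are recorded by pflogd(8) in `/var/log/pflog`, which can be read with `tcpdump -n -e -ttt -r /var/log/pflog`.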