Subject: Re: Thanks and some Questions....
To: David Maxwell <email@example.com>
From: Michael Cozzi <firstname.lastname@example.org>
Date: 10/05/2004 15:19:35
David Maxwell wrote:
>On Tue, 05 Oct 2004, Michael Cozzi wrote:
>> I have one problem though. I'm one of those folks who came to Unix
>>from Linux and though I'm getting along pretty fine, I'm a bit lost on
>>the capabilities for firewalling through the kernel.
>Make sure your kernel config includes:
>pseudo-device ipfilter # IP filter (firewall) and NAT
>I see that it is commented out in the GENERIC kernel. It was commented
>out with the cvs message 'Shrink a little again to avoid firmware
>limits'. (I don't have a cobalt, so I'm not familliar with the firmware
>Create /etc/ipf.conf (from examples below) and set ipfilter=YES in
Thank you for your detailed response. It was very helpful.
Depending on the issue with the kernel, I may not be able to
firewall in this manner because the boot ROM on a Raq2 has a kernel size
My security policy when running Linux has been essentially to make
all unused ports, and ICMP, unresponsive, with a port scan detector set
to block scanning IPs semi-permanently by the time they would be able to
get any useful information. It's not the only security related thing the
boxes do, but it is helpful.
It's clear I'm in a different world with this Raq2 and NetBSD. The
layout is quite different than what I'm used to.
Time to learn a new OS...