firewall suggestions for FreeBSD

panopticon
01-04-2004, 06:27 PM
What firewall would you suggest for a FreeBSD 5.1 newbie?

BMurtagh
01-04-2004, 07:35 PM
ipfw comes with freebsd. :) once again, check /usr/ports :D

BMurtagh
01-04-2004, 07:36 PM
nevermind, it's not in the ports. i believe you need to build it from the kernel. i'll check to make sure.

BMurtagh
01-04-2004, 07:48 PM
yes, you need to configure the kernel for a firewall. then from there use ipfw to configure the actual firewall.
here's some good info on both ipfw and ipfilter: http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html
and here's the man page for ipfw: http://www.freebsd.org/cgi/man.cgi?query=ipfw&apropos=0&sektion=0&manpath=FreeBSD+5.1-RELEASE+and+Ports&format=html

monoxide
01-04-2004, 08:58 PM
lol

panopticon
01-04-2004, 10:09 PM
Thanks LogicBrendan! Off to do some reading and then see if I can lock myself out of my local test server :D

panopticon
01-04-2004, 10:24 PM
I especially like this quote from page three of the above link:

"Creating a good ruleset is a bit of a fine art; if you're creating a firewall for the first time, wait until you have a block of time where it's not essential to have a network connection and you have the time to try things and reboot and try something else and reboot, etc. You'll find that the logic used by ipfw will not necessarily be the same logic you use."

At least it's not just me :)

As I'm reading the above, let me ask this as well: are there any tools like bastille or APF for freebsd that will allow me to start with a somewhat intelligent default rule set for a typical web server and / or have advanced capabilities to adjust rules on the fly based on probes/attacks/etc.?

BMurtagh
01-04-2004, 11:32 PM
i'm sure you could look at others' rulesets for ideas and tweak them for freebsd. as for on the fly changes, i have no idea. and if your box is getting packeted, you won't be able to login remotely and create rules from ssh. if it gets that bad, i'd end up contacting the datacenter.

Werpon
01-05-2004, 05:59 AM
You can read a little bit about ipfilter and about general FreeBSD admin at www.schlacter.net and you can see a minimum ruleset too.

Crucial
01-05-2004, 04:27 PM
There is: ipfw, ipfw2 and ipf. I recommend using ipfw2 or ipfw. I also recommend asking lots of questions regarding rule-sets; once again, if you add a wrong rule-set you're locked out of the box. It might be a good idea to code a small shell script to remove the firewall on a crontab of 10 minutes; if the rule locks you out of the box the rule will be removed in 10 minutes. This has saved me on a few machines being remote. If you have any questions after compiling ipfw into the kernel or ipf please contact me or someone knowing what they're doing. thanks in advance =P and good luck.

DaHOST
01-06-2004, 10:57 AM
Personally I prefer IPF. In my opinion the rulesets are a lot easier to work with.
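
The 10-minute cron safety net Crucial describes, as an added example that is not part of the original thread. It reloads a known-good ruleset file instead of removing the firewall, and the state directory, file names and script path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: dead-man switch for remote ipfw changes.
# Assumed (hypothetical) names: the state directory, both file names, and the
# script path in this /etc/crontab line:
#   */10 * * * * root /usr/local/sbin/fw-safety.sh rollback
# Ruleset files are in the form "ipfw /absolute/path" reads: one ipfw command
# per line without the leading "ipfw", starting with "flush".
IPFW="${IPFW:-/sbin/ipfw}"            # overridable so the logic can be dry-run
STATE="${STATE:-/var/db/fw-safety}"   # hypothetical state directory
GOOD="$STATE/known-good.rules"        # last ruleset known to let you log in
OK="$STATE/confirmed"                 # marker file: "I can still log in"

# Load a candidate ruleset and arm the rollback by removing the marker.
apply_candidate() {
    [ -r "$1" ] || { echo "unreadable ruleset: $1" >&2; return 2; }
    [ -r "$GOOD" ] || { echo "no known-good ruleset at $GOOD" >&2; return 2; }
    rm -f "$OK"
    "$IPFW" -q "$1"                   # -q implies -f, so "flush" does not prompt
}

# Run this after logging in over a NEW ssh session: the candidate becomes the
# known-good ruleset and the rollback is disarmed.
confirm() {
    cp "$1" "$GOOD" && touch "$OK"
}

# Called from cron. Restores the known-good file rather than doing a bare
# flush: on a kernel whose default rule (65535) is deny, a flush blocks all
# traffic, which is the lockout this script exists to prevent.
rollback_if_unconfirmed() {
    [ -e "$OK" ] && return 0
    "$IPFW" -q "$GOOD" && touch "$OK"
}

case "${1:-}" in
    apply)    apply_candidate "$2" ;;
    confirm)  confirm "$2" ;;
    rollback) rollback_if_unconfirmed ;;
esac
```

Because cron fires on the clock, the rollback lands anywhere from 0 to 10 minutes after `apply`. Confirm from a fresh SSH session, since an already-established one may keep working under rules that block new connections.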