The default/optimal firewall settings

Pwkepkw

New Member


Messages: 14

I learned that FreeBSD doesn't have a firewall running out of the box. I have no network knowledge. And as a desktop user, I find it a little bit unnecessary to learn a little to moderate level of networking. Is there a GUI I can use to configure my firewall to optimal settings?
 

Trihexagonal

Daemon

Reaction score: 1,013
Messages: 1,684

I show you how to set up pf firewall and supply a basic ruleset that should suffice for a simple desktop:


It's a trimmed down version of the one I use on my boxen that is provided on the second page in the comments.


GUI? We don't need no stinkin' GUI! You either. ;)
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 8,050
Messages: 31,634

And as a desktop user, I find it a little bit unnecessary to learn a little to moderate level of networking.
If you're on a typical home network, modem/router with NAT, you don't actually need a local firewall any way.
 

sidetone

Daemon

Reaction score: 429
Messages: 1,161

Code:
firewall_enable="YES"
firewall_type="workstation"
That's for desktop. There are other ones to choose from.
 

Trihexagonal

Daemon

Reaction score: 1,013
Messages: 1,684

If you're on a typical home network, modem/router with NAT, you don't actually need a local firewall any way.
Over the past few days surfing new sites I did my normal NoScript thing to selectively allow JavaScript for the site I was visiting. I noticed that each of the sites only had 2 scripts listed that wanted JS enabled. One for the domain I was visiting needed JS enabled for full functionality (not all do, including mine), but the second was the same plain IP address on every site that wanted JS enabled as well. Didn't happen. Thank you, NoScript.

When I checked the IP# it belonged to my ISP and it was not even the same sub-net my machine was using. So I made a new rule and blocked it, rebooted and am still able to access the net.

That doesn't mean my ISP can't track me but they'll be doing it without JS enabled and not from that IP# or any other NoScript alerts me to thanks to pf.

I'm on a typical home Ethernet LAN with a commercial router/firewall but don't trust it nearly as much as pf and wouldn't think of going online without it enabled. Setting up pf is the first thing I do when rebuilding my system.


Edit: It wasn't quite as easy as only making a block in rule. It still showed up when visiting a site tonight so I made one to block outgoing traffic to that IP#. Now I can't access the site from my machine but was able to access the forums without any problem.


Seems Charter wants to see what certain sites I visit consist of. This was a medical related site I was visiting with nothing to do with Charter and nothing nefarious about it whatsoever. Neither is it any of their business, or my only option to get online and beat that kind of thing. :p
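The post above describes needing both a block-in and a block-out rule before the host stopped showing up. As an added example (not a ruleset from this thread or from anyone posting in it), here is a minimal stateful /etc/pf.conf for a single-interface desktop that shows why: it assumes the interface is em0 and uses 192.0.2.10 as a placeholder address, not the IP mentioned above.

```pf
# Added example, not the ruleset from the thread.
# Assumptions: external interface em0; 192.0.2.10 is a placeholder host.
ext_if = "em0"

# Hosts to refuse in both directions. Manage at runtime with:
#   pfctl -t blocked_hosts -T add 192.0.2.10
#   pfctl -t blocked_hosts -T show
table <blocked_hosts> persist { 192.0.2.10 }

set skip on lo0
set block-policy drop

# Normalise/reassemble packets before the rules are evaluated
scrub in all

# "quick" stops evaluation at the first match, so these take precedence
# over the stateful pass rules below. A "block in" alone is not enough:
# a connection the browser opens is matched by "pass out ... keep state",
# and the resulting state entry admits the replies. Block outbound too.
block in  quick on $ext_if from <blocked_hosts>
block out quick on $ext_if to   <blocked_hosts>

# Default deny inbound and log it (readable on pflog0 with tcpdump);
# allow whatever the desktop initiates and keep state for the replies.
block in log all
pass out on $ext_if inet  proto { tcp udp icmp  } from ($ext_if) keep state
pass out on $ext_if inet6 proto { tcp udp icmp6 } from ($ext_if) keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and set `pf_enable="YES"` and `pflog_enable="YES"` in /etc/rc.conf so the ruleset and the log interface come up at boot.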
 