101 FreeBSD Ipfw resources

"Which firewall do you like most in FreeBSD?", my friend asked me.

Hmmm….

Not sure. At first I used ipfw, and I already have a collection of useful links in my bookmarks 🙂

Since pfSense uses pf and FreeBSD itself includes pf natively, it made me think to gather the ipfw links for this blog 😉

  1. Ipfw FreeBSD handbook. More than enough; it starts from configuring and covers commands, rule sets and examples.
  2. Firewall setup, how to secure and share an internet connection on FreeBSD with stateful ipfw firewall rules, the network address translation (NAT) daemon (natd), and traffic shaping using dummynet to divide the bandwidth evenly between all clients.
  3. Invisible Bridging Firewalls Using ipfw and FreeBSD 4.x, this document is NOT an ipfw tutorial – it is simply a step by step guide to the installation of an invisible bridging firewall on the FreeBSD 4.x operating system. Also included are methods to use this firewall in a non-invisible setting and some sample ipfw rules.
  4. FreeBSD Firewall Explained, how to set up an ipfw stateful firewall on FreeBSD with a simple ruleset, with certain details explained, including natd interaction.
  5. Setting up a FreeBSD Wireless Access Point, this article describes how to set up an open wireless access point on FreeBSD 4.9 including the creation of a "captive portal" and bandwidth limiting using IPFIREWALL.
  6. FreeBSD snort IDS installation, the steps for installing an IDS sensor on FreeBSD 5.4. This document contains the small differences between FreeBSD 5.4 and FreeBSD 6.0
  7. Walled Garden: FreeBSD + natd + ipfw + squid, an overview of the steps it takes to create a Walled Garden using FreeBSD, natd, ipfw and squid.
  8. Mini tutorial: FreeBSD ipfw bandwidth rate limiting
  9. Armoring FreeBSD, ipfw section.
  10. Asterisk firewall rules, an example of how to configure a FreeBSD IPFW firewall for Asterisk.
  11. WIPFW, WIPFW is a MS Windows operable version of IPFW for FreeBSD OS. You can use the same functionality and configure it just as you would with IPFW. IPFW is a packet filtering and accounting system which resides in kernel mode, and has a user-land control utility, ipfw. Together, they allow you to define and query the rules used by the kernel in its routing decisions. There are two related parts to ipfw. The firewall section performs packet filtering. There is also an IP accounting section which tracks usage of the router, based on rules similar to those used in the firewall section. This allows the administrator to monitor how much traffic the router is getting from a certain machine, or how much WWW traffic it is forwarding, for example.
  12. FreeBSD Dummynet, especially as a transparent bridge network impairment
  13. Ipfw-Advanced-Supplement-HOWTO
  14. Some Basic IPFW Rules to get you Started, This should cover basic IPFW rules. It will be enough to get your server running. #Only log 1000 lines, this is in case of DDoS so your machine is not
  15. Implementing Pushback: Router-Based Defense Against DDoS Attacks …
  16. ipfw Rules, a set of ipfw rules to customize for your own Macs or FreeBSD systems
  17. Help Build The Best IPFW Firewall Rules Sets Ever
  18. IPFW Configuration Help, The following is a ‘short list’ of the things that need to be accomplished to get ipfw running on your computer 
  19. Router with ipfw, Configure a router with FreeBSD.
  20. Firewall Builder, Object-oriented GUI and set of compilers for various firewall platforms. Currently implemented compilers for iptables, ipfilter, OpenBSD pf, ipfw, Cisco PIX firewall and routers access lists.
  21. A bare bones home firewall, this is a bare bones, protect-this-machine-only firewall and will work fine if you have no network behind your FreeBSD machine and no special needs.
  22. A fancy home firewall, If you’ve got a home network or are running any sort of network server that you want open to the internet.

I’ll add more links, maybe you can share your fav

Updated : November 22 2007


zombie and defunct

ftp# top
last pid: 23639;  load averages:  0.00,  0.00,  0.00
                             up 13+06:57:13  13:53:54
65 processes:  1 running, 63 sleeping, 1 zombie
CPU states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
Mem: 181M Active, 1535M Inact, 199M Wired, 79M Cache, 112M Buf, 4008K Free
Swap: 4096M Total, 88K Used, 4096M Free

Wow, 1 zombie.

This is the first time I have seen this ‘zombie’.

Looking further at that zombie:

ftp# ps -aux | grep Z
USER      PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root    24487  0.0  0.0     0     0  ??  Z     2:00PM   0:00.00 <defunct>

<defunct>

What was that?

from here :

http://www.cts.wustl.edu/~allen/kill-defunct-process.html

Defunct processes are processes that have become corrupted in such a
way that they no longer can communicate (not really the right word, like
signal each other) with their parent or child process. So kill the
parent or child and 99% of the time (around here at least) the defunct
process will go away! No parent or child, you're out of luck, or look
for a stuck automount.

Hmm….
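To act on the "kill the parent" advice quoted above you need the zombie's parent PID, which `ps -aux | grep Z` does not show; that grep also matches the `VSZ` header and any command containing a Z. The following is an added example, not part of the original post: it filters on the STAT column only and reports the parent, and every sample line except PID 24487 is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): report each zombie with its
# parent PID and parent command, reading `ps -axo pid,ppid,stat,comm` output.
# Matching only the STAT column avoids the false hits of `grep Z`, which also
# matches the "VSZ" header and any command name that contains a Z.

zombie_report() {
    awk '
        NR == 1 { next }                 # skip the ps header line
        { cmd[$1] = $4 }                 # remember every command by PID
        $3 ~ /^Z/ { parent[$1] = $2 }    # STAT starts with Z: zombie
        END {
            for (pid in parent) {
                ppid = parent[pid]
                name = (ppid in cmd) ? cmd[ppid] : "?"
                printf "%s %s %s\n", pid, ppid, name
            }
        }
    ' | sort -n
}

# Constructed sample input; PIDs other than 24487 and all names are made up.
sample_ps() {
    cat <<'EOF'
  PID  PPID STAT COMMAND
    1     0 ILs  init
 2310     1 Ss   sshd
24480  2310 S    backup.sh
24487 24480 Z    <defunct>
24501  2310 R+   Zsh-helper
EOF
}

# Output columns: zombie PID, parent PID, parent command.
sample_ps | zombie_report
# On a live FreeBSD host: ps -axo pid,ppid,stat,comm | zombie_report
```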


Problem with cvsup12, use other server

While doing my every-3-days ports update, I saw this this morning:

ftp# cvsup -g -L2 ports-supfile
Parsing supfile "ports-supfile"
Connecting to cvsup12.FreeBSD.org
Connected to cvsup12.FreeBSD.org
Server software version: SNAP_16_1h
Negotiating file attribute support
Exchanging collection information
Establishing multiplexed-mode data connection
Running
Updating collection ports-all/cvs
Server warning: Cannot open "/cvs/cvsupd/prefixes/FreeBSD.cvs/ports/Tools/portbuild/2.2/bindist/README,v": No such file or directory
Server warning: Cannot open "/cvs/cvsupd/prefixes/FreeBSD.cvs/ports/Tools/portbuild/2.2/bindist/delete,v": No such file or directory
Server warning: Cannot open "/cvs/cvsupd/prefixes/FreeBSD.cvs/ports/Tools/portbuild/2.2/bindist/dirlist,v": No such file or directory
Server warning: Cannot open "/cvs/cvsupd/prefixes/FreeBSD.cvs/ports/Tools/portbuild/2.2/bindist/files/usr/bin/uname,v": No such file or directory
……………………

Wow. After looking at my ports-supfile, nothing had changed:

*default host=cvsup12.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix

*default compress

ports-all

 

Hmmm….

Ok, try another server

ftp# cvsup -g -L2 ports-supfile -h cvsup10.freebsd.org
Parsing supfile "ports-supfile"
Connecting to cvsup10.freebsd.org
Connected to cvsup10.freebsd.org
Server software version: SNAP_16_1h
Negotiating file attribute support
Exchanging collection information
Establishing multiplexed-mode data connection
Running
Updating collection ports-all/cvs
 Checkout ports/audio/xmms2/files/patch-src_clients_lib_python_xmmsapi.pyx
 Edit ports/databases/mysql-query-browser/Makefile
  Add delta 1.10 2007.11.12.23.43.33 pav
 Edit ports/databases/oracle8-client/Makefile
  Add delta 1.4 2007.11.13.20.25.46 fjoe
 Edit ports/databases/oracle8-client/distinfo
  Add delta 1.3 2007.11.13.20.25.46 fjoe
 Edit ports/databases/py-tada/Makefile
  Add delta 1.5 2007.11.14.22.53.57 pav
…………………….

Phew, it seems the problem is on cvsup12.freebsd.org.

I hope it will be fixed immediately.

 


Configure Vlan on Vmware and Dynamips : step by step

From mmliac in hacki forum :

I have tested trunking between two 3660 with NM-16ESW and it works fine.
Connected 3 VMware computers on each side in 2 different vlans.
Vlan information is being transferred from the VTP server to the VTP client.

I am using VMware Workstation 5.0 and Dynamips is running on the host computer.

Here is how to configure VLANs on VMware and Dynamips, step by step:

Start by configuring new virtual interfaces in VMware.


Making pdf file : List of freeware

"I can’t upload my pdf file to ftp, what’s wrong?", a student asked me this evening.

He made his report in MS Word and used Adobe Distiller to produce the PDF file.

"Wait", I checked his ftp quota and saw that there was still plenty of room there for him 🙂

Around 20MB of free space available.

One PDF file larger than 20MB? (That thought crossed my mind until I tried OpenOffice, using its export-to-PDF feature, and it produced 1.3 MB.)

What the heck. I don’t know what settings the technician uses in the class, but that’s a big difference: 28MB (the PDF file produced by Adobe Distiller) versus 1.3 MB from OpenOffice.

After solving his temporary problem I searched Google for other freeware that might help to produce PDF files, and here is my result:
