On Tuesday 02 December 2003 18:29, fbsd_user wrote:

> Thank you for responding with pointers to where I
> can find some very limited documented info on the
> MIB's I asked about.

You're welcome.

> The only conclusion one can draw from the test results is that
> IPFILTER gets access to the packets before the log_in_vain Mib
> does. To extrapolate on this, it would indicate the other network
> security Mibs I pointed out in my original post are in the same boat
> as log_in_vain.

I haven't looked at specifics, but this sounds logical to me. MIB's control or inform about system states. A firewall's task is to prevent stuff from entering the system.

> The remaining question then is does the IPFW firewall work the same
> way. If it does then all those network security Mib's only have
> effect on FBSD systems that are not running a firewall.

Not necessarily. You blocked all traffic, so the system does not register the specific event you're looking at. Did you try just enabling the firewall but setting an "allow all" rule?

> It's my opinion that in today's world of such emphasis on network
> security that a clear understanding of these MIB's is absolutely
> necessary, indispensable, requisite information that has to be
> disseminated to the FBSD community and not buried in some obscure,
> very hard to find place like it currently is.

Documentation on many MIB's is hard to find indeed. Maybe you should join the documentation team to help out - but - in this specific case, the 2 (ipfw2 on -CURRENT makes 3 even) firewall implementations are well documented and should instead be used if one is concerned about security, because they can log and handle anything *before* it enters the system.

> Here is the documentation I created in the sysctl.conf file. What do
> you think about it?

I would have to look at specifics and I think [EMAIL PROTECTED] would be a more appropriate place to get some definitive answers.

-- 
Melvyn

=======================================================
FreeBSD sarevok.idg.nl 5.2-BETA FreeBSD 5.2-BETA #0: Wed Dec 3 20:13:44 CET 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SAREVOK_NOACPI i386
=======================================================