Differences

This shows you the differences between two versions of the page.

bsd [2008/12/28 20:04]
a + OSSEC and Pf on FreeBSD to Limit SSH Brute Forcing
bsd [2010/06/08 13:50] (current)
a + FreeWDE - FreeBSD with Whole Disk Encryption
Line 5: Line 5:
    * [[http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-building.html|Building and Installing a Custom Kernel]]    * [[http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-building.html|Building and Installing a Custom Kernel]]
    * [[http://taosecurity.blogspot.com/2008/12/ossec-and-pf-on-freebsd-to-limit-ssh.html|OSSEC and Pf on FreeBSD to Limit SSH Brute Forcing]]    * [[http://taosecurity.blogspot.com/2008/12/ossec-and-pf-on-freebsd-to-limit-ssh.html|OSSEC and Pf on FreeBSD to Limit SSH Brute Forcing]]
 +   * [[http://rop.gonggri.jp/?p=269|FreeWDE - FreeBSD with Whole Disk Encryption]]
 </box> </box>
 <html></div></html> <html></div></html>
 ===== FreeBSD ===== ===== FreeBSD =====
    
 +
 +
  
  
Line 47: Line 50:
  
   ipfw list   ipfw list
 +
 +**Firewalling IPv6**
 +Below some rules of implementing firewall in FreeBSD. //Using IPFW (please compile your kernel, if it’s not supported).// It’s easy as IPv4.
 +
 +<code>
 +# Simple Firewall :
 +(allow network 2404:170::/32 to any host)
 +ip6fw add 100 allow all from 2404:170::/32 to any in via fxp0
 +
 +(allow network 2001:dc6::/32 to any host)
 +ip6fw add 200 allow all from 2001:dc6::/32 to any in via fxp0
 +
 +(allow all ipv6 to host 2404:170:ee02::10)
 +ip6fw add 300 allow all from :: to 2404:170:ee02:ee02::10 in via fxp0
 +
 +(deny other all traffic).
 +ip6fw add 1000 deny all from any to any in via fxp0
 +</code>
 +
 +**FreeBSD GRE tunnels**
 +
 +<code>
 +b0x# kldstat
 +Id Refs Address Size Name
 +1 5 0xc0400000 34f898 kernel
 +2 14 0xc0750000 56270 acpi.ko
 +3 1 0xc0c97000 1c000 ipl.ko
 +4 1 0xc15ef000 4000 if_gre.ko
 +
 +# kldload if_gre.ko
 +# sysctl -w net.inet.ip.gre_default_mtu=1450
 +# ifconfig gre1 create
 +# ifconfig gre1 tunnel 217.154.12.2 212.25.240.34
 +# ifconfig gre1 mtu 1450
 +# ifconfig gre1 inet 10.1.12.38 10.1.12.37 netmask 255.255.255.252
 +# ifconfig gre1 up
 +<code>
 +
 +or
 +
 +   # ifconfig gre1 inet 10.1.12.37 10.1.12.38 netmask 255.255.255.252 up
 +   # /usr/sbin/greconfig -i gre1 -v -s 212.25.240.34 -d 217.154.12.2
  
  
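Review bot: rule 300 in the Simple Firewall block does not match its own comment. The comment names host 2404:170:ee02::10 but the rule targets 2404:170:ee02:ee02::10, and the source is written as `::`, which is the unspecified address rather than a wildcard, while the deny rule uses `any`. Suggest writing it as `from any to <host>` with the one correct host address in both the comment and the rule. Rule 1000 then denies every other inbound packet on fxp0, which includes ICMPv6 neighbor discovery from link-local sources, so an explicit ICMPv6 allow should sit above it. The intro also says IPFW while every command is `ip6fw`; name the tool that is actually used. In the GRE section the block opened before `b0x# kldstat` is ended with `<code>` instead of `</code>`, and the two commands after "or" swap both the tunnel endpoints and the inner addresses, so they read as the configuration for the remote end rather than an alternative; label them that way.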
Line 52: Line 97:
    * [[http://www.openbsd.org/faq/pf/carp.html|Firewall Redundancy with CARP and pfsync]]    * [[http://www.openbsd.org/faq/pf/carp.html|Firewall Redundancy with CARP and pfsync]]
    * [[http://www.benzedrine.cx/ackpri.html|Prioritizing empty TCP ACKs with pf and ALTQ]]    * [[http://www.benzedrine.cx/ackpri.html|Prioritizing empty TCP ACKs with pf and ALTQ]]
 +
 +**Manual IPv6 configuration** 
 +
 +   ifconfig rl0 inet6 2001:470:1f01:115::4 prefixlen 64  # add address
 +   ifconfig rl0 inet6 2001:470:1f01:115::4 delete        # remove address
 +   route -n add -inet6 default 2001:470:1f01:115::     # default route
 +
 +
  
 ===== NetBSD ===== ===== NetBSD =====
 +
 +**Basic config:**
 +
 +   ifconfig tlp0 inet6 2001:470:1f01:115::8 prefixlen 64  # add address
 +   ifconfig tlp0 inet6 2001:470:1f01:115::8 delete        # remove address
 +   route add -inet6 default default_ip6_gateway_addr      # default route
 +
 +**Setting up an IPv6-over-IPv4 tunnel:**
 +
 +   ifconfig gif0 create
 +   ifconfig gif0 tunnel local_ip4_addr remove_ip4_addr
 +   ifconfig gif0 inet6 local_ip6_addr remote_ip6_addr prefixlen /128
 +
 +For more information on IPv6 and NetBSD, please consult the [[http://www.netbsd.org/Documentation/network/ipv6/|NetBSD IPv6 Networking FAQ]]
 +
 ===== FruBSD ===== ===== FruBSD =====
 Going through heavy developing phase ...  Going through heavy developing phase ... 
bsd.1230491049.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International