[BUGS] question about how firewalls work

jonathan michaels jlm at caamora.com.au
Tue Nov 20 18:07:54 EST 2007


greetings all

as the subject line says, i am trying to find out not how
firewalls work but rather if i am likely to get swamped by
"garbage" type billable traffic.

please excuse the vocabulary, i am still coming to terms with
the new language of administration.

i am currently running freebsd v6.2-release as my gateway and
network software 'router'. specifically, pf as the toolkit to
build the firewall.

a couple of years ago (mid sept 2003/2005 ??) a new kind of
internet attack named red-something or other that essentially
flooded any router's entire "advertised" network address range
(please what is the correct name for this function) in my case
a class c (/24 i think) my billable traffic jumped from $20 a
month to over $1400 the next month (on a 14 kbit/s dialup
analogue modem, with an advertised /24 block).

i effected a basic ipfw (on freebsd v2.2.7-release) and
subnetted from /24 down to a /29 (leaving me with 14 usable ip
addresses) and the traffic (billable + garbage + 'red-whatever'
+ ping + all the rest and of course my own 50 mb of browsing and mail
and mailinglist traffic) dropped from the previous $1k4 to a
high-ish but manageable for me $40/month short term, time enough to
improve the firewall ruleset and or get a router and hardwire the
ruleset albeit at /29 subnet level.

recently, i moved from freebsd v2.2.7 and its ipfw over to
freebsd v6.2-release and its resident pf toolkit set. after
nutting out a starting ruleset to my surprise i had several
months with zero billables. no, i didn't use default "deny all"
and implement a 15 foot air gap based hardware firewall <big
grin>.

i had all my usual stuff incoming but i was unable to do
pings/traceroute outside the boundaries of my /29 constricted
network boundaries. i am not asking for help to rejig my
ruleset, eventually i might, and or how to rejig pf or even if
a move back to ipfw is a better solution or even get a real
"router" and setup a really tight routing policy.

my question is, essentially, can i ask my isp to change my
network's addressing from its current /29 back to the original
/24 and NOT see a huge increase in the size of the incoming
garbage traffic that would send my traffic billables from its
current $40 a month back up to or over the size of the original
'wakeup' event's $1400/month ???
 
i am (ok slowly) learning the words/processes of managing isp
style services, note, apologies to those who have difficulty
with my long/difficult to read posts .. i have the same
problems (gentle smile) too.

most kind regards and appreciations

jonathan

-- 
================================================================
powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====

