Workshop @SdNOG4 Meeting! more details at


Hands-on: how to secure your network. Three-day course – Philip Paeps


By the end of the workshop, everyone should know how to run secure services in jails on FreeBSD and use the pf firewall to keep malicious people on the internet out of their jails.


Participants should be familiar with Unix-style operating systems. The course is taught on FreeBSD but the environment will be familiar to people with a systems administration background on Linux or Solaris. Participants should bring their own laptops.


Systems administrators and network operators who are running network services in their organization.

Workshop Requirements

  • Knowledge of Linux/UNIX command line
  • Good understanding of network basics (IP networking)
  • All participants will need to bring a laptop with WiFi access. You cannot use a tablet for this workshop.


Philip Paeps


The registration is open at:

  • Please note there will be a selection process, and selected candidates will be contacted to confirm their participation.


Day 1: Sunday 14 August; Day 2: Monday 15 August; Day 3: Tuesday 16 August

08:30 – 09:15 (45 minutes): Registration and coffee (all three days)

09:15 – 11:15 (120 minutes)

  Day 1: Installing FreeBSD in a VM
    • Where to find installation media
    • Which installation to choose
    • Installing on a clean machine

  Day 2: Advanced jails
    • Installing a jail from scratch
    • Isolating jails with pf
    • Nested jails

  Day 3: Jailing the Postfix mailserver
    • Installing Postfix from a package
    • Configuring a basic Postfix in a jail
    • certificate for SMTP

11:15 – 11:30 (15 minutes): Coffee break (all three days)

11:30 – 13:00 (90 minutes)

  Day 1: FreeBSD is not Linux
    • Filesystem overview
    • init(8) and rc(8) (NO SYSTEMD!)
    • Starting and stopping processes
    • Package management with pkg(8)

  Day 2: Using ezjail for easier management
    • Installing a dozen jails in two minutes
    • Upgrading jails
    • Deleting and archiving jails
    • Package management across many jails

  Day 3: Hardening Postfix against spammers
    • DNS blacklists and whitelists
    • Sender and recipient restrictions
    • Fun tricks with multiple IP addresses

13:00 – 14:00 (60 minutes): Lunch (all three days)

14:00 – 15:30 (90 minutes)

  Day 1: pf: the BSD firewall
    • Default-deny ruleset
    • Allowing services
    • NAT and port forwarding

  Day 2: Jailing and securing nginx
    • Installing nginx in a fresh jail
    • Tuning nginx for maximum security
    • Obtaining and managing certificates
    • Online tools for confirming webserver security

  Day 3: Building your own custom packages
    • Introduction to Poudriere
    • Installing Poudriere in a jail

15:30 – 15:45 (15 minutes): Coffee break (all three days)

15:45 – 16:30 (45 minutes)

  Day 1: Introduction to jails
    • Lightweight virtualisation
    • Jails vs. virtual machines
    • Mention bhyve

  Day 2: Exercises with nginx
    • Reverse proxies across multiple jails
    • Dodgy services locked up in nested jails

  Day 3: Putting it all together
    • ezjail, poudriere, nested jails
    • Mostly automated installations
    • Using multiple package repositories

