Date: Tue, 13 Feb 2001 19:51:19 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Raymond Brighenti <bargi@webfront.net.au> Cc: freebsd-questions@freebsd.org Subject: Re: Which would be better hosts.allow or IPFirewall? Message-ID: <20010213195119.C61748@mollari.cthul.hu> In-Reply-To: <5.0.2.1.2.20010214130011.00aefb60@mail.webfront.net.au>; from bargi@webfront.net.au on Wed, Feb 14, 2001 at 01:11:42PM %2B1100 References: <5.0.2.1.2.20010214130011.00aefb60@mail.webfront.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
--ZmUaFz6apKcXQszQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Feb 14, 2001 at 01:11:42PM +1100, Raymond Brighenti wrote: > Hi, >=20 > I'm in the process of setting up a few FreeBSD machines that will be=20 > sitting on the Internet. > I'd like to limit access the IP addresses and ports of these machines but= =20 > currently putting them behind a dedicated firewall box is not an option. >=20 > So in this situation does enabling/using IPFirewall just for the local=20 > machine make it better/secure than hosts.allow? IPFilter or ipfw allows you to do more complex filtering than hosts.allow. I recommend you use one of those two and set up a "default to deny" firewall which only allows in traffic which you need. Kris --ZmUaFz6apKcXQszQ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6igC3Wry0BWjoQKURAg36AKC1Nvqv0vkT21hRTBxMtE6j30CKMACcCDAt FSiypI57iOjj2IIQT9MarO0= =K6YO -----END PGP SIGNATURE----- --ZmUaFz6apKcXQszQ-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010213195119.C61748>