From owner-freebsd-questions Mon Oct 21 10:32:24 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3030B37B401 for ; Mon, 21 Oct 2002 10:32:23 -0700 (PDT) Received: from priv-edtnes16-hme0.telusplanet.net (defout.telus.net [199.185.220.240]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7896643E3B for ; Mon, 21 Oct 2002 10:32:22 -0700 (PDT) (envelope-from mailinglists@telus.net) Received: from work.kunfu-lui.net ([142.179.173.206]) by priv-edtnes16-hme0.telusplanet.net (InterMail vM.5.01.04.02 201-253-122-122-102-20011128) with ESMTP id <20021021173221.CFQR7607.priv-edtnes16-hme0.telusplanet.net@work.kunfu-lui.net> for ; Mon, 21 Oct 2002 11:32:21 -0600 Date: Mon, 21 Oct 2002 11:43:50 -0600 From: James To: freebsd-questions@FreeBSD.org Subject: Does a web server need ipfw? Message-ID: <20021021174350.GC213@work.ab.hsia.telus.net> Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset=ISO-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Mailer: Balsa 2.0.2 Lines: 10 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, I'm just wondering if most web servers don't run a firewall? We've setup a FreeBSD web server without ipfw running, and I don't really see any reason to run ipfw since the only services I have running are httpd and sshd. We have also attempted to secure the machine in the other typical ways. Are there vulnerabilities that this web server is open to by not running a firewall? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message