Date:      Mon, 21 Oct 2002 14:00:07 -0500
From:      Sean O'Neill <sean@seanoneill.info>
To:        James <mailinglists@telus.net>, freebsd-questions@FreeBSD.org
Subject:   Re: Does a web server need ipfw?
Message-ID:  <5.1.0.14.0.20021021134814.07242e28@postoffice.swbell.net>
In-Reply-To: <20021021174350.GC213@work.ab.hsia.telus.net>

At 11:43 AM 10/21/2002 -0600, James wrote:
>Hello,
>
>I'm just wondering if most web servers don't run a firewall?  We've set up 
>a FreeBSD web server without ipfw running, and I don't really see any 
>reason to run ipfw since the only services I have running are httpd and 
>sshd.  We have

 > ... are httpd and sshd

Famous last words.  Just wait until your requirements change and somebody 
says this and that have to now run on that machine at the last minute.

>also attempted to secure the machine in the other typical ways.
>
>Are there vulnerabilities that this web server is open to by not running a 
>firewall?

One of the nice things about running a firewall is better control.  Without 
running a firewall package in front of or on the machine ... you have NONE.

An example of a good use of running a firewall is ... I have ProFTP running 
on my "machine" at all times with anonftp set up but you can't get to it because 
my IPFilter config explicitly blocks access to it.  When I need to allow 
someone into my machine to transfer something - I update my ipf.conf file 
by uncommenting two lines, adjust for IP address allowed in for FTP, and 
reload rules.  When they are done, comment out the two lines and reload.  I 
could set up a SSH account and change the password when they are done 
transferring but SSH is too slow for transfers and I occasionally get stuff 
from Windows users and many have never heard of SSH.


--
........................................................
......... ..- -. .. -..- .-. ..- .-.. . ... ............
.-- .. -. -... .-.. --- .-- ... -.. .-. --- --- .-.. ...

Sean O'Neill
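
The toggle pattern described in the message above, as an added illustration that is not part of the original e-mail and not the poster's actual rule set. The interface name (fxp0), the allowed client address (192.0.2.10, a documentation address), the passive port range and the /etc/ipf.conf path are all assumptions.

```conf
# Constructed example ipf.conf for a host that serves HTTP and SSH and
# keeps an FTP daemon running but unreachable by default.
# IPFilter uses the LAST matching rule unless a rule is marked "quick".

# Loopback traffic is never filtered.
pass in  quick on lo0 all
pass out quick on lo0 all

# Default for the external interface: drop and log anything inbound
# that no later "quick" rule passes. FTP (21/tcp) falls through to this.
block in log on fxp0 all

# Outbound traffic is allowed and tracked so replies are let back in.
pass out quick on fxp0 proto tcp  from any to any flags S keep state
pass out quick on fxp0 proto udp  from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state

# The two services that are meant to be public.
pass in quick on fxp0 proto tcp from any to any port = 80 flags S keep state
pass in quick on fxp0 proto tcp from any to any port = 22 flags S keep state

# --- Temporary FTP access -------------------------------------------
# Uncomment both lines, set the source address to the one client that
# needs in, reload, and comment them out again when the transfer ends.
# Line 1 opens the FTP control channel; line 2 opens the passive data
# ports (the range must match the PassivePorts setting in proftpd.conf;
# "><" is an exclusive range, so this covers 49152-65535).
#pass in quick on fxp0 proto tcp from 192.0.2.10/32 to any port = 21 flags S keep state
#pass in quick on fxp0 proto tcp from 192.0.2.10/32 to any port 49151 >< 65536 flags S keep state
# ---------------------------------------------------------------------

# Reload after every edit (flush all rules, then load the file):
#   ipf -Fa -f /etc/ipf.conf
# Confirm what is actually loaded, with hit counts:
#   ipfstat -hin
```

Because the pass rules are scoped to a single source address, the FTP daemon stays unreachable from everywhere else even while the window is open, and forgetting to re-comment the lines exposes it to one host rather than to the Internet.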

