Date: 21 Oct 2002 17:05:04 -0400 From: Lowell Gilbert <freebsd-questions-local@be-well.no-ip.com> To: James <mailinglists@telus.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Does a web server need ipfw? Message-ID: <443cqz33lr.fsf@be-well.ilk.org> In-Reply-To: <20021021174350.GC213@work.ab.hsia.telus.net> References: <20021021174350.GC213@work.ab.hsia.telus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
James <mailinglists@telus.net> writes: > I'm just wondering if most web servers don't run a firewall? We've > setup a FreeBSD web server without ipfw running, and I don't really > see any reason to run ipfw since the only services I have running are > httpd and sshd. We have also attempted to secure the machine in the > other typical ways. > > Are there vulnerabilities that this web server is open to by not > running a firewall? Not specifically, no. But running a firewall would leave you in less danger if (a) you make a configuration mistake that opens up a vulnerability, or (b) a new vulnerability is discovered which *does* apply to your system. It's a belt-and-suspenders thing, but it would take so little effort to set up that I'd recommend it as a good investment. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?443cqz33lr.fsf>