Date: Thu, 21 Jun 2001 10:05:38 +0600 From: "Sergey N. Voronkov" <serg@tmn.ru> To: Malcolm <malcolm@ocf.berkeley.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re: IPFilter and security Message-ID: <20010621100538.A67676@sv.tech.sibitex.tmn.ru> In-Reply-To: <Pine.SOL.4.33.0106201809290.23365-100000@famine.OCF.Berkeley.EDU>; from malcolm@ocf.berkeley.edu on Wed, Jun 20, 2001 at 06:18:33PM -0700 References: <Pine.SOL.4.33.0106201809290.23365-100000@famine.OCF.Berkeley.EDU>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 20, 2001 at 06:18:33PM -0700, Malcolm wrote: > Hi folks, > What do we think about installing IPFilter on non-gateway boxes > and using it to block all incoming traffic except for whatever ports > we want to use on our server (e.g., http, ftp)? > Hi! Go and use it! I have it installed on my servers to limit usage of some services to only local network (such as a rdump. hosts.allow is also set to block unwanted connections. I'm gouing to be realy paranoid one :-). Also "keep state" options helps to reduse some realy stupid traffic - like a scans on TCP/53 (SA flag set). Bye, Serg N. Voronkov. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010621100538.A67676>