From: "Darren"
To: "fbsd-questions"
Subject: opinions on my plan
Date: Wed, 1 Jan 2003 11:49:14 -0600
Message-ID: <029f01c2b1be$1965cdc0$6601a8c0@crotchett.com>

I am building a firewall/NAT box for my father. This is the first firewall that I've built. And, I'm trying to put only the minimum software on it that will help me remotely administer it (i.e. ssh) and keep it up to date (i.e. portupgrade). I figured I'd need a few programs installed for convenience. But, I didn't want to sacrifice security. I thought I might get the advice of those who have gone before me.

Here is what I was thinking about installing:

    sshd
    cvsup
    portupgrade
    squid (maybe ??)
    portsentry (maybe ??)
    ncftp (client only if I can find it)
    links

I'm mostly concerned about cvsup and portupgrade because I see them as being next to mandatory. I think I could get along without them. But, I'm concerned about security risks associated with not being current. Do they pose more security risks than they might prevent by keeping me current?

Another thing about portupgrade that concerns me is what it does to my kernel sources. I tried recompiling after having run portupgrade and pretty much hosed everything. I started over from scratch and recompiled first. I haven't put portupgrade back on, yet. I wanted to get opinions about its risk:reward ratio first.

I'm open to all suggestions, links or any other comments. This is new territory for me.

Thanks,
Darren