Date: Wed, 1 Jan 2003 11:49:14 -0600 From: "Darren" <caffeine@directvinternet.com> To: "fbsd-questions" <freebsd-questions@freebsd.org> Subject: opinions on my plan Message-ID: <029f01c2b1be$1965cdc0$6601a8c0@crotchett.com>
next in thread | raw e-mail | index | archive | help
I am building a firewall/NAT box for my father. This is the first firewall that I've built. And, I'm trying to put only the minimum software on it that will help me remote administer it (ie. ssh) and keep it up to date (ie. portupgrade). I figured I'd need a few programs installed for convenience. But, I didn't want to sacrafice security. I thought I might get the advice of those who have gone before me. Here is what I was thinking about installing: <here's what I consider to be almost mandatory> sshd cvsup portupgrade <here's what I thought might add for obvious reasons> squid (maybe ??) portsentry (maybe ??) ncftp (client only if I can find it) links I'm mostly concerned about cvsup and portupgrade because I see them as being next to mandatory. I think I could get along without them. But, I'm concerned about security risks associated with not being current. Do they pose more security risks than they might prevent by keeping me current? Another thing about portupgrade that concerns me is what it does to my kernel sources. I tried recompiling after having run portupgrade and pretty much hosed everything. I started over from scratch and recompiled first. I haven't put portupgrade back on, yet. I wanted to get opinions about it's risk:reward ratio first. I'm open to all suggestions, links or any other comments. This is new territory for me. Thanks, Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?029f01c2b1be$1965cdc0$6601a8c0>