Date: Wed, 1 Jan 2003 15:16:42 -0600
From: "Craig M. Luchtefeld" <craig@2400baud.com>
To: "'Darren'" <caffeine@directvinternet.com>, "'fbsd-questions'" <freebsd-questions@freebsd.org>
Subject: RE: opinions on my plan
Message-ID: <000301c2b1db$272eae00$0500a8c0@strife>
In-Reply-To: <029f01c2b1be$1965cdc0$6601a8c0@crotchett.com>

For mine I did the following:

- Minimal install
- kern_securelevel_enable="YES" in rc.conf
- recompiled kernel for ipf and took out extra crap
- disabled inetd
- disabled sendmail
- used ipf and ipmon for firewall/nat

My firewall is running on minimal hardware and it's a firewall.. I only want to mess with it once and be done with it.

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Darren
Sent: Wednesday, January 01, 2003 11:49 AM
To: fbsd-questions
Subject: opinions on my plan

I am building a firewall/NAT box for my father. This is the first firewall that I've built. And, I'm trying to put only the minimum software on it that will help me remotely administer it (i.e. ssh) and keep it up to date (i.e. portupgrade). I figured I'd need a few programs installed for convenience. But, I didn't want to sacrifice security. I thought I might get the advice of those who have gone before me. Here is what I was thinking about installing:

<here's what I consider to be almost mandatory>
sshd
cvsup
portupgrade

<here's what I thought I might add for obvious reasons>
squid (maybe ??)
portsentry (maybe ??)
ncftp (client only if I can find it)
links

I'm mostly concerned about cvsup and portupgrade because I see them as being next to mandatory. I think I could get along without them. But, I'm concerned about security risks associated with not being current. Do they pose more security risks than they might prevent by keeping me current?

Another thing about portupgrade that concerns me is what it does to my kernel sources. I tried recompiling after having run portupgrade and pretty much hosed everything. I started over from scratch and recompiled first. I haven't put portupgrade back on, yet. I wanted to get opinions about its risk:reward ratio first.

I'm open to all suggestions, links or any other comments. This is new territory for me.

Thanks,
Darren

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
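
The rc.conf side of the checklist in the reply above can be checked mechanically. The script below is an added example, not part of the thread: apart from kern_securelevel_enable, which the reply names, the knob names are the standard FreeBSD rc.conf variables assumed to correspond to the listed steps, and sendmail_enable="NONE" is an assumption about how sendmail was disabled.

```shell
#!/bin/sh
# Added example: audit an rc.conf-style file against the reply's checklist.
# Only the given file is read; defaults from /etc/defaults/rc.conf are not
# consulted, so an unset knob is reported as a failure (assumption).

# rc_value FILE NAME: print the effective value of NAME (last assignment wins).
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}.*/\1/p" "$1" |
        tail -n 1
}

# check FILE NAME WANT: compare case-insensitively (rc.conf accepts yes/YES).
check() {
    val=$(rc_value "$1" "$2" | tr '[:lower:]' '[:upper:]')
    if [ "$val" = "$3" ]; then
        echo "ok    $2=$val"
    else
        echo "FAIL  $2=${val:-<unset>} (expected $3)"
        return 1
    fi
}

# audit FILE: exit status is the number of knobs that differ from the checklist.
audit() {
    fails=0
    for pair in kern_securelevel_enable=YES inetd_enable=NO \
                sendmail_enable=NONE ipfilter_enable=YES \
                ipnat_enable=YES ipmon_enable=YES; do
        check "$1" "${pair%%=*}" "${pair#*=}" || fails=$((fails + 1))
    done
    return "$fails"
}

# Constructed sample, not taken from the thread.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
kern_securelevel_enable="YES"
inetd_enable="YES"
inetd_enable="NO"       # later assignment wins
sendmail_enable="YES"
ipfilter_enable="YES"
ipnat_enable="YES"
#ipmon_enable="YES"
EOF
audit "$sample" || echo "$? setting(s) differ from the checklist"
```

On the constructed sample it flags sendmail_enable (still "YES") and ipmon_enable (commented out, so unset); on a real box, pass /etc/rc.conf to audit instead.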