Date: Tue, 28 Aug 2001 17:08:46 -0400 From: Mark Woodson <mwoodson@bacxs.com> To: freebsd-questions@freebsd.org Subject: Re: helping in securing box Message-ID: <5.1.0.14.0.20010828170609.034f0ec8@192.168.99.2> In-Reply-To: <200108282015.f7SKFOV21254@lucy.tbscom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 04:15 PM 8/28/2001 -0400, you wrote: >I have a some questions in helping to secure two freebsd servers I >have. I am very new still to server administration and would be quite >open to any tutorials that you can suggest. But anyway here is what I >think I want to do. > >I have one server that is pretty much runs just apache/php/sendmail and >another that runs mysql. On the database server I would like to refuse >all requests for anything that does not come from its subnet. I thought >there was a way to do this using /etc/hosts.deny but there doesn't seem to >be that file on freeBSD. Even if there was I don't really know how to deny >everything but a small set of ip's. >I would also only like to allow the database server to send admin emails >out and not allow anything to else to be sent or received, is there a way >to do this? The web server i feel can be a lot more open but does anyone >have some suggestions to help keep this from possible intrusions. The best way to do this I think it to set up a firewall on both boxes. Then you can easily restrict traffic based on ip/protocol/etc. It's fairly painless. Of course you'd ideally want a firewall at your gateway to further secure your network and restrict traffic. -Mark To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.0.20010828170609.034f0ec8>