Date:      Thu, 3 May 2001 05:51:56 -0400
From:      "Deepak Jain" <deepak@ai.net>
To:        "Rob" <rob@robhulme.com>, <freebsd-questions@freebsd.org>
Subject:   RE: IPFW box
Message-ID:  <GPEOJKGHAMKFIOMAGMDIKEJGCIAA.deepak@ai.net>
In-Reply-To: <LPBBLIHFHEKDFLJEBFJGIEMNDCAA.rob@robhulme.com>

I meant to add something useful to that email.

Make sure you use allow/deny filters, even with ssh. You will save yourself
a lot of headache if you only allow ssh connections from a fixed IP or mask
range. It prevents a lot of vulnerabilities that may be discovered down the
road.

Deepak Jain
AiNET

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Rob
Sent: Thursday, May 03, 2001 5:26 AM
To: questions@FreeBSD.ORG
Subject: IPFW box


Hi,

I am soon going to have to set up 2 firewalls for a network that I'm
building - the network is going to have various web / database / mail /
etc... servers for our clients at it - and it is going to be co-located.

I was wondering - if I installed say FreeBSD 4.3, recompiled it with IPFW,
and turned every service off except ssh - would it be *very secure*?  It
seems from the traffic on the various lists that 99.99% of the exploits are
to do with the various daemons that are running - so if I only run sshd it's
going to be quite secure?

I ask this partly because I don't want to have to deal with upgrading to the
latest version every few weeks - I want to leave it, in part because
they're co-located so if anything goes wrong I'm a bit screwed, and in part
because I don't want to have to reboot it if I don't have to (as that would
stop access to the other boxes the firewalls are protecting).

Thanks
-Rob

--------------------------------
http://www.robhulme.com
http://www.christianunion.org.uk

"...and scantily clad females, of course. Who cares if it's below zero
outside." -- Linus Torvalds


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
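
The source restriction recommended in the reply above, sketched as an added example that is not part of the original thread: a POSIX sh function that prints (does not run) ipfw commands allowing ssh only from listed addresses, followed by a logged deny for everyone else. The function name ssh_rules, the rule numbers and the addresses (documentation ranges) are constructed, and it assumes an ipfw that supports the "me" destination keyword.

```shell
#!/bin/sh
# Added example: print ipfw commands that limit inbound ssh to listed
# sources. Nothing is executed; review the output, then feed it to sh
# on the firewall. Rule numbers and addresses are constructed placeholders.

# ssh_rules BASE SRC...  -> one ipfw command per line on stdout
ssh_rules() {
    base=$1; shift
    # Refuse an empty allow list: the final deny would lock every admin out.
    [ "$#" -gt 0 ] || { echo "ssh_rules: no permitted sources" >&2; return 1; }
    n=$base
    out=""
    for src in "$@"; do
        # Syntactic check only: dotted quad with an optional /0-32 mask.
        # Rejects "any" and hostnames so the allow list stays explicit.
        if ! printf '%s\n' "$src" | grep -Eq \
            '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'; then
            echo "ssh_rules: bad source '$src'" >&2; return 1
        fi
        # Allow rules get lower numbers so they match before the deny.
        out="${out}ipfw add $n allow tcp from $src to me 22
"
        n=$((n + 10))
    done
    # All inputs validated; emit the allows, then the catch-all deny.
    printf '%s' "$out"
    echo "ipfw add $n deny log tcp from any to me 22"
}

# Demo with constructed sources: one admin host and one office range.
ssh_rules 1000 192.0.2.10 198.51.100.0/24
```

The "log" keyword only produces output if firewall logging is enabled on the box.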

