Date:      Thu, 7 Aug 2003 12:19:26 -0700 (PDT)
From:      twig les <twigles@yahoo.com>
To:        chris@redstarnetworks.net, freebsd-security@freebsd.org
Subject:   RE: FreeBSD - Secure by DEFAULT ?? [hosts.allow]
Message-ID:  <20030807191926.50590.qmail@web10108.mail.yahoo.com>
In-Reply-To: <000101c35d0e$88c43070$0b05a8c0@delllaptop>

Yes I've had great luck with simple host protection via IPFW,
and there is a nice tutorial here:
http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html. 
It's a bit old but I'm using IPFW on several 4.x boxes without
any big changes.  Sorry I don't have a more definitive answer.

--- Chris Odell <chris@redstarnetworks.net> wrote:
> 
>   May I recommend IPF, FreeBSD's firewall daemon? Having this in place -
> and yes on localhost, will be more of what you want to accomplish. You
> will also be able to control a whole lot more as far as traffic to/from
> your box. It is very simple to configure, as long as you can recompile
> it in your kernel.
> 
> Just my 2 cents...
> 
> Chris Odell
> chris@redstarnetworks.net
> 
> -----Original Message-----
> From: owner-freebsd-security@freebsd.org
> [mailto:owner-freebsd-security@freebsd.org] On Behalf Of
> Schalk Erasmus
> Sent: Thursday, August 07, 2003 10:14 AM
> To: freebsd-security@freebsd.org
> Subject: FreeBSD - Secure by DEFAULT ?? [hosts.allow]
> 
> 
> Hi,
> 
> I need to know what the implications are to make use of the hosts.allow
> file on a FreeBSD Production Server (ISP Setup)? The reason I'm asking,
> is that I've recently decommissioned a Linux SendMail Server to a FreeBSD
> Exim Server, but with no Firewall (IPTABLES) yet.
> 
> Besides the fact that it only runs EXIM and Apache, is it necessary to
> Configure rc.Firewall? or can I only make use of the hosts.allow file?
> 
> Currently I would only like to allow SSH access from my Home Network,
> instead of allowing the WORLD.
> 
> I've seen OpenBSD Servers using hosts.deny and hosts.allow files, but
> based on the new "Access Control File", it is all merged together in one
> file:
> 
> # hosts.allow access control file for "tcp wrapped" applications.
> # $FreeBSD: src/etc/hosts.allow,v 1.8.2.7 2002/04/17 19:44:22 dougb Exp $
> #
> 
> I take that I should allow the other Services, in this order:
> 
> sshd : myhomepc : allow
> exim : ALL : allow
> httpd : ALL : allow
> ftpd : ALL : allow
> ALL : ALL : deny
> 
> 
> What kind of protection does FreeBSD need by Default? Since OpenBSD goes
> around saying: "SECURE BY DEFAULT" !?
> 
> Just asking.....
> 
> Regards
> 
> Schalk Erasmus
> Incredible Networks
> Windhoek, Namibia
> 
> 
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"


=====
-----------------------------------------------------------
Emo is what happens when the glee club goes punk.       
-----------------------------------------------------------
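
An added example, not part of either message: a simplified Python model of the first-match evaluation used by FreeBSD's single-file hosts.allow, run over the rule list quoted above. The 192.0.2.0/24 network standing in for "myhomepc", the IPv4-only matching and the function names are assumptions of this sketch; it is not libwrap's code.

```python
import ipaddress

# Rule list from the quoted question. Assumption: "myhomepc" is replaced by
# 192.0.2.0/24, a documentation range standing in for the home network.
RULES = """\
sshd : 192.0.2.0/24 : allow
exim : ALL : allow
httpd : ALL : allow
ftpd : ALL : allow
ALL : ALL : deny
"""

def parse(text):
    """Return [(daemons, clients, action)] in file order, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 3:
            raise ValueError("expected 'daemon : client : option': " + line)
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients, fields[2].lower()))
    return rules

def client_matches(pattern, addr):
    """ALL, a single IPv4 address, or a CIDR network (hostnames not modelled)."""
    if pattern == "ALL":
        return True
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False

def decide(rules, daemon, addr):
    """First matching rule wins; with no match at all, access is granted."""
    for number, (daemons, clients, action) in enumerate(rules, 1):
        if ("ALL" in daemons or daemon in daemons) and \
                any(client_matches(c, addr) for c in clients):
            return action, number
    return "allow", None

if __name__ == "__main__":
    # FreeBSD's shipped example file opens with an allow-everything rule;
    # rules added below it are never reached, as the second table shows.
    for label, text in (("as quoted", RULES),
                        ("below ALL : ALL : allow", "ALL : ALL : allow\n" + RULES)):
        for daemon, addr in (("sshd", "192.0.2.10"), ("sshd", "203.0.113.7")):
            print(label, daemon, addr, decide(parse(text), daemon, addr))
```

The model covers rule order only: a rule has effect just for daemons that actually consult libwrap, which stock Apache httpd does not, so a packet filter such as the IPFW setup recommended above is still what restricts the other ports.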
