Date: Thu, 7 Aug 2003 12:19:26 -0700 (PDT)
From: twig les
To: chris@redstarnetworks.net, freebsd-security@freebsd.org
Subject: RE: FreeBSD - Secure by DEFAULT ?? [hosts.allow]
Message-ID: <20030807191926.50590.qmail@web10108.mail.yahoo.com>
In-Reply-To: <000101c35d0e$88c43070$0b05a8c0@delllaptop>

Yes I've had great luck with simple host protection via IPFW, and there
is a nice tutorial here:
http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html. It's a
bit old but I'm using IPFW on several 4.x boxes without any big changes.
Sorry I don't have a more definitive answer.

--- Chris Odell wrote:
>
> May I recommend IPF, FreeBSD's firewall daemon? Having this in place -
> and yes on localhost, will be more of what you want to accomplish. You
> will also be able to control a whole lot more as far as traffic to/from
> your box. It is very simple to configure, as long as you can recompile
> it in your kernel.
>
> Just my 2 cents...
>
> Chris Odell
> chris@redstarnetworks.net
>
> -----Original Message-----
> From: owner-freebsd-security@freebsd.org
> [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Schalk Erasmus
> Sent: Thursday, August 07, 2003 10:14 AM
> To: freebsd-security@freebsd.org
> Subject: FreeBSD - Secure by DEFAULT ?? [hosts.allow]
>
>
> Hi,
>
> I need to know what the implications are to make use of the hosts.allow
> file on a FreeBSD Production Server (ISP Setup)? The reason I'm asking,
> is that I've recently decommissioned a Linux SendMail Server to a FreeBSD
> Exim Server, but with no Firewall (IPTABLES) yet.
>
> Besides the fact that it only runs EXIM and Apache, is it necessary to
> Configure rc.Firewall? or can I only make use of the hosts.allow file?
>
> Currently I would only like to allow SSH access from my Home Network,
> instead of allowing the WORLD.
>
> I've seen OpenBSD Servers using hosts.deny and hosts.allow files, but
> based on the new "Access Control File", it is all merged together in one
> file:
>
> # hosts.allow access control file for "tcp wrapped" applications.
> # $FreeBSD: src/etc/hosts.allow,v 1.8.2.7 2002/04/17 19:44:22 dougb Exp $
> #
>
> I take that I should allow the other Services, in this order:
>
> sshd : myhomepc : allow
> exim : ALL : allow
> httpd : ALL : allow
> ftpd : ALL : allow
> ALL : ALL : deny
>
>
> What kind of protection does FreeBSD need by Default? Since OpenBSD goes
> around saying: "SECURE BY DEFAULT" !?
>
> Just asking.....
>
> Regards
>
> Schalk Erasmus
> Incredible Networks
> Windhoek, Namibia
>
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"

=====
-----------------------------------------------------------
Emo is what happens when the glee club goes punk.
-----------------------------------------------------------
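
An added example, not part of the original thread or of FreeBSD's code: a minimal evaluator for the allow/deny rule syntax in the question's hosts.allow, showing that the first matching rule decides and that a connection matching no rule is granted. It handles only a subset of the hosts_access(5) client patterns, for IPv4, and the 192.0.2.0/24 "home network", the sample addresses and the function names are constructed for illustration.

```python
import ipaddress

# The rule set proposed in the thread, with one constructed change: the
# hostname "myhomepc" is replaced by a documentation network (192.0.2.0/24)
# standing in for the home network (an assumption, not from the thread).
RULES = """\
# constructed sample of /etc/hosts.allow
sshd : 192.0.2.0/255.255.255.0 : allow
exim : ALL : allow
httpd : ALL : allow
ftpd : ALL : allow
ALL : ALL : deny
"""

def client_matches(pattern, addr):
    """Match one client pattern (subset of hosts_access(5)) against an IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # address prefix, e.g. "192.0.2."
        return addr.startswith(pattern)
    if "/" in pattern:                 # net/mask pair, e.g. 192.0.2.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr             # exact address

def parse(text):
    """Yield (daemons, clients, action) for each rule line, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients, action = (f.strip() for f in line.split(":", 2))
        yield daemons.replace(",", " ").split(), clients.replace(",", " ").split(), action

def decide(rules_text, daemon, addr):
    """Return 'allow' or 'deny'; the first rule matching daemon and client wins."""
    for daemons, clients, action in parse(rules_text):
        daemon_hit = "ALL" in daemons or daemon in daemons
        if daemon_hit and any(client_matches(c, addr) for c in clients):
            return action
    return "allow"  # nothing matched: tcp wrappers grants access by default

if __name__ == "__main__":
    for daemon, addr in [("sshd", "192.0.2.10"), ("sshd", "203.0.113.7"),
                         ("exim", "203.0.113.7")]:
        print(daemon, addr, "->", decide(RULES, daemon, addr))
```

These rules only affect daemons that actually consult hosts.allow; a service that is not built or run with tcp wrappers support is untouched by them, which is where a packet filter such as the IPFW setup mentioned in the reply comes in.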