Date: Mon, 16 Oct 2000 03:52:12 -0500 (CDT)
From: Mike Meyer <mwm@mired.org>
To: "Richard Shea" <rshea@my-deja.com>
Cc: questions@freebsd.org
Subject: Re: rc.firewall vs hosts.allow ?
Message-ID: <14826.49596.116944.205148@guru.mired.org>
In-Reply-To: <11203552@toto.iv>

Richard Shea writes:
> Hi - I have a FreeBSD machine which acts as a firewall and to which I now want to allow a limited amount of ftp access. The firewall rules at the moment stop any incoming FTP. In the future I want users from a small set of known domains to be able to get on and leave files. BTW FWIW this would not be anonymous ftp.
>
> I thought about adding rules to rc.firewall to specifically allow incoming ftp from those domains but then I thought about letting through all incoming ftp and using hosts.allow to deny access to all but the 'good' domains.
>
> Is this just a question of taste or are there some issues here I haven't noticed? Is there a 'right' way - maybe totally different from those I've mentioned.

hosts.allow is the config file for the tcp wrappers package; rc.firewall is a config script for the kernel ip filtering facility. Both are tools one can use to build a firewall. ipfw seems to be the preferred method to use these days, but don't quote me.

I'd say not to use both, but choose one or the other. That's because having all the security information in one place makes it that much less likely that you'll make a mistake because you don't have the information in the other place.

	<mike