From: Iv Ray
Date: Fri, 5 Feb 2010 21:24:52 +0100
To: freebsd-questions@freebsd.org
Subject: best firewall for a web server

We will be running a web server -

- FreeBSD 8.x
- Apache 2.x
- php 5.x
- PostgreSQL 8.x
- Postfix 2.x

- The server will run nearly 98% of the time below 25% load (no high performance firewall is needed).
- Access to the server will be done only via ssh w/ key (there will be no public ftp, etc.).

I read several threads on FreeBSD Questions and checked the Handbook, and my conclusion is that PF seems the most straightforward for such a "classic" situation. Am I right?

Thanks,
Iv