From owner-freebsd-security  Mon Aug 23 12:59:22 1999
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
	by hub.freebsd.org (Postfix) with ESMTP id 5CC8515731
	for <freebsd-security@FreeBSD.ORG>; Mon, 23 Aug 1999 12:59:20 -0700 (PDT)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id MAA10488;
	Mon, 23 Aug 1999 12:58:50 -0700 (PDT)
	(envelope-from dillon)
Date: Mon, 23 Aug 1999 12:58:50 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199908231958.MAA10488@apollo.backplane.com>
To: Bill Fumerola <billf@jade.chc-chimes.com>
Cc: Nate Williams <nate@mt.sri.com>, freebsd-security@FreeBSD.ORG
Subject: Re: IPFW/DNS rules
References:  <Pine.BSF.4.10.9908231455310.4060-100000@jade.chc-chimes.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:On Mon, 23 Aug 1999, Matthew Dillon wrote:
:
:>     You can create allow/deny lists in named.conf, configuration options are
:>     well documented in the bind distribution, in your source tree:
:
:He wants to secure the server with firewall rules, not the service, I
:believe.
:
:-- 
:- bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp -
:- ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org  -

    Simply do not run any other services on the server except, say, sshd.
    That's what we did at BEST.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message