From owner-freebsd-questions Sun Oct 15 22:24:49 2000
Date: Sun, 15 Oct 2000 22:30:42 -0700
Message-Id: <200010160530.WAA09521@mail9.bigmailbox.com>
From: "Richard Shea"
To: freebsd-questions@FreeBSD.ORG
Subject: rc.firewall vs hosts.allow ?

Hi -

I have a FreeBSD machine which acts as a firewall and to which I now want to allow a limited amount of ftp access. The firewall rules at the moment stop any incoming FTP. In the future I want users from a small set of known domains to be able to get on and leave files. BTW FWIW this would not be anonymous ftp.

I thought about adding rules to rc.firewall to specifically allow incoming ftp from those domains, but then I thought about letting through all incoming ftp and using hosts.allow to deny access to all but the 'good' domains.

Is this just a question of taste or are there some issues here I haven't noticed? Is there a 'right' way - maybe totally different from those I've mentioned? In some ways I like the idea of keeping the firewall rules simple, albeit (in this case) considerably relaxed.

Any thoughts would be welcomed.

regards
richard shea.