From owner-freebsd-questions@FreeBSD.ORG Thu Aug 7 10:24:16 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2976737B401 for ; Thu, 7 Aug 2003 10:24:16 -0700 (PDT) Received: from emerald.incredible.com.na (NSP.inc.net.na [196.44.138.114]) by mx1.FreeBSD.org (Postfix) with ESMTP id 245C143FAF for ; Thu, 7 Aug 2003 10:24:14 -0700 (PDT) (envelope-from schalk@home.incredible.com.na) Received: from [10.222.101.2] (helo=Fujitsu) by emerald.incredible.com.na with smtp (Exim 4.12) id 19koSz-0009ac-00 for freebsd-questions@freebsd.org; Thu, 07 Aug 2003 18:22:21 +0100 Message-ID: <010101c35d08$baaf5480$0265de0a@Fujitsu> From: "Schalk Erasmus" To: Date: Thu, 7 Aug 2003 18:24:16 +0100 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: FreeBSD - Secure by DEFAULT ?? [hosts.allow] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Aug 2003 17:24:16 -0000 Hi, I need to know what the implications are to make use of the hosts.allow file on a FreeBSD Production Server (ISP Setup)? The reason I'm asking, is that I've recently decommisioned a Linux SendMail Server to a FreeBSD Exim Server, but with no Firewall (IPTABLES) yet. Besides the fact that it only runs EXIM and Apache, is it necessary to Configure rc.Firewall? or can I only make use of the hosts.allow file? Currently I would only like to allow SSH access from my Home Network, instead of allowing the WORLD. I've seen OpenBSD Servers using hosts.deny and hosts.allow files, but based on the new "Access Control File", it is all merged together in one file: # hosts.allow access control file for "tcp wrapped" applications. # $FreeBSD: src/etc/hosts.allow,v 1.8.2.7 2002/04/17 19:44:22 dougb Exp $ # I take that I should allow the other Services, in this order: sshd : myhomepc : allow exim : ALL : allow httpd : ALL : allow ftpd : ALL : allow ALL : ALL : deny What kind of protection does FreeBSD need by Default? Since OpenBSD goes around saying: "SECURE BY DEFAULT" !? Just asking..... Regards Schalk Erasmus Incredible Networks Windhoek, Namibia