From owner-freebsd-questions Thu May 3 2:33:16 2001 Delivered-To: freebsd-questions@freebsd.org Received: from fisher.vip.uk.com (fisher.vip.uk.com [194.176.218.14]) by hub.freebsd.org (Postfix) with ESMTP id 7699A37B423 for ; Thu, 3 May 2001 02:33:13 -0700 (PDT) (envelope-from rob@robhulme.com) Received: from modem-217-79-60-62.vip.uk.com ([62.60.79.217] helo=hal9000) by fisher.vip.uk.com with smtp (Exim 3.22 #1) id 14vFTv-0002Rn-00 for questions@freebsd.org; Thu, 03 May 2001 10:33:08 +0100 From: "Rob" To: Subject: IPFW box Date: Thu, 3 May 2001 10:25:30 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi, I am soon going to have to setup 2 firewalls for a network that I'm building - the network is going to have various web / database / mail / etc... servers for our clients at it - and it going to be co-located. I was wondering - if I installed say FreeBSD 4.3, recompiled it with IPFW, and turned every service off except ssh - would it be *very secure*? It seems from the traffic on the various lists that 99.99% of the exploits are to do with the various daemons that are running - so if I only run sshd its going to be quite secure? I ask this partly because I don't want to have to deal with upgrading to the lastest version every few weeks - I want to leave it, in part because they're co-located so if anything goes wrong I'm a bit screwed, and in part because I don't want to have to reboot it if I don't have to (as that would stop access to the other boxes the firewalls are protecting). Thanks -Rob -------------------------------- http://www.robhulme.com http://www.christianunion.org.uk "...and scantily clad females, of course. Who cares if it's below zero outside." -- Linus Torvalds To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message