From: "Deepak Jain"
To: "Rob"
Subject: RE: IPFW box
Date: Thu, 3 May 2001 05:50:36 -0400

You mean, except for the holes (buffer exploit, et al) periodically discovered in sshd, right?

Deepak Jain
AiNET

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Rob
Sent: Thursday, May 03, 2001 5:26 AM
To: questions@FreeBSD.ORG
Subject: IPFW box

Hi,

I am soon going to have to set up 2 firewalls for a network that I'm building - the network is going to have various web / database / mail / etc... servers for our clients at it - and it is going to be co-located.

I was wondering - if I installed say FreeBSD 4.3, recompiled it with IPFW, and turned every service off except ssh - would it be *very secure*? It seems from the traffic on the various lists that 99.99% of the exploits are to do with the various daemons that are running - so if I only run sshd it's going to be quite secure?

I ask this partly because I don't want to have to deal with upgrading to the latest version every few weeks - I want to leave it, in part because they're co-located so if anything goes wrong I'm a bit screwed, and in part because I don't want to have to reboot it if I don't have to (as that would stop access to the other boxes the firewalls are protecting).

Thanks

-Rob

--------------------------------
http://www.robhulme.com
http://www.christianunion.org.uk

"...and scantily clad females, of course. Who cares if it's below zero outside." -- Linus Torvalds

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message