Delivered-To: freebsd-questions@freebsd.org
Date: Thu, 9 Aug 2001 17:41:55 -0700
From: Tabor Kelly
To: Keith Spencer
Cc: fbsd
Subject: Re: Separate firewall or not?

IMHO you should use a separate firewall. I wouldn't take your compiler
off of it; it makes certain tasks very difficult (like building a new
kernel). Personally, I leave one thing on my firewall: sshd. There are
many reasons not to use a normal server as a firewall; one large one is
that you only need 2 accounts on a firewall: root, and one user account.
On a webserver you frequently have many, many accounts, all of which can
be used against you!

Note: I am not a network security expert, though I like to pretend that
I know a little bit about security.

On Thursday, August 09, 2001, 4:57:28 PM, Keith wrote:

> Hi all,
> sorry to repeat but I am in the middle of an urgent anti-hacking
> rebuild.
> Should I build a separate perimeter firewall machine with only that on
> it...restrict/remove compilers etc (how do I do that?)
> and have the router/dns/web/mail server inside the perimeter.
> OR should I simply put IPFW on the router/dns/web/mail server?
> Any ideas guys?
> Thanks
> Keith

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message