Date: Fri, 10 Aug 2001 10:46:37 +1000 (EST)
From: Keith Spencer
Subject: Re: Separate firewall or not?
To: Tabor Kelly
Cc: fbsd
Message-ID: <20010810004637.15724.qmail@web12004.mail.yahoo.com>
In-Reply-To: <11621029839.20010809174155@dsl-only.net>

Hi Tabor,
Thanks!
If I don't remove the compiler can I restrict it?
Can I stop shell accounts?
Do I put DNS on the firewall or behind it?
Thanks
keith

--- Tabor Kelly wrote:
> IMHO you should use a separate firewall. I wouldn't take your compiler
> off of it, it makes certain tasks very difficult (like building a new
> kernel).
>
> Personally, I leave one thing on my firewall: sshd.
>
> There are many reasons not to use a normal server as a firewall, one
> large one is that you only need 2 accounts on a firewall: root, and
> one user account. On a webserver you frequently have many, many
> accounts, all of which can be used against you!
>
> Note: I am not a network security expert, though I like to pretend
> that I know a little bit about security.
>
> On Thursday, August 09, 2001, 4:57:28 PM, Keith wrote:
>
> Hi all,
> sorry to repeat but I am in the middle of an urgent anti-hacking
> rebuild.
> Should I build a separate perimeter firewall machine with only that
> on it...restrict/remove compilers etc (how do I do that?) and have
> the router/dns/web/mail server inside the perimeter.
> OR
> should I simply put IPFW on the router/dns/web/mail server?
> Any ideas guys?
> Thanks
> Keith
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message