From owner-freebsd-questions  Fri Oct 26  5:21:10 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.all.org (bdsl.66.12.117.154.gte.net [66.12.117.154])
	by hub.freebsd.org (Postfix) with ESMTP id 451E637B403
	for <freebsd-questions@FreeBSD.ORG>; Fri, 26 Oct 2001 05:21:07 -0700 (PDT)
Message-ID: <3BD9551E.4050505@nicholasofmyra.org>
Date: Fri, 26 Oct 2001 08:20:46 -0400
From: Joseph <jolt@nicholasofmyra.org>
MIME-Version: 1.0
To: "Patrick O'Reilly" <patrick@mip.co.za>
Cc: Eric Lam <elam101083@earthlink.net>,
	freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW Rules Help
References: <NDBBIMKICMDGDMNOOCAIEEEHDMAA.patrick@mip.co.za>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG



Patrick O'Reilly wrote:

>
>Eric, if this server is not actually a firewall, but an FTP/HTTP/SMB/SSH
>server, then I would personally not worry about ipfw, but be sure to
>configure each of those services correctly, and make sure that the box DOES
>NOT RESPOND to anything else.
>
The advice you gave is good, however, I, personally, still prefer to 
configure the firewall rules.  They help to catch configuration 
errors/changes made by you and other authorized personnel.  They help to 
assure that a trojan cannot suddenly open a hole.  They also allow you 
to log suspicious network activity.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message