Date: Thu, 7 Aug 2003 12:19:26 -0700 (PDT) From: twig les <twigles@yahoo.com> To: chris@redstarnetworks.net, freebsd-security@freebsd.org Subject: RE: FreeBSD - Secure by DEFAULT ?? [hosts.allow] Message-ID: <20030807191926.50590.qmail@web10108.mail.yahoo.com> In-Reply-To: <000101c35d0e$88c43070$0b05a8c0@delllaptop>
next in thread | previous in thread | raw e-mail | index | archive | help
Yes I've had great luck with simple host protection via IPFW, and there is a nice tutorial here: http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html. It's a bit old but I'm using IPFW on several 4.x boxes without any big changes. Sorry I don't have a more definitive answer. --- Chris Odell <chris@redstarnetworks.net> wrote: > > May I recommend IPF, FreeBSD's firewall daemon? Having this > in place - > and yes on localhost, will be more of what you want to > accomplish. You > will also be able to control a whole lot more as far as > traffice to/from > your box. It is very simple to configure, as long as you can > recompile > it in your kernel. > > Just my 2 cents... > > Chris Odell > chris@redstarnetworks.net > > -----Original Message----- > From: owner-freebsd-security@freebsd.org > [mailto:owner-freebsd-security@freebsd.org] On Behalf Of > Schalk Erasmus > Sent: Thursday, August 07, 2003 10:14 AM > To: freebsd-security@freebsd.org > Subject: FreeBSD - Secure by DEFAULT ?? [hosts.allow] > > > Hi, > > I need to know what the implications are to make use of the > hosts.allow > file on a FreeBSD Production Server (ISP Setup)? The reason > I'm asking, > is that I've recently decommisioned a Linux SendMail Server to > a FreeBSD > Exim Server, but with no Firewall (IPTABLES) yet. > > Besides the fact that it only runs EXIM and Apache, is it > necessary to > Configure rc.Firewall? or can I only make use of the > hosts.allow file? > > Currently I would only like to allow SSH access from my Home > Network, > instead of allowing the WORLD. > > I've seen OpenBSD Servers using hosts.deny and hosts.allow > files, but > based on the new "Access Control File", it is all merged > together in one > file: > > # hosts.allow access control file for "tcp wrapped" > applications. # > $FreeBSD: src/etc/hosts.allow,v 1.8.2.7 2002/04/17 19:44:22 > dougb Exp $ > # > > I take that I should allow the other Services, in this order: > > sshd : myhomepc : allow > exim : ALL : allow > httpd : ALL : allow > ftpd : ALL : allow > ALL : ALL : deny > > > What kind of protection does FreeBSD need by Default? Since > OpenBSD goes > around saying: "SECURE BY DEFAULT" !? > > Just asking..... > > Regards > > Schalk Erasmus > Incredible Networks > Windhoek, Namibia > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" ===== ----------------------------------------------------------- Emo is what happens when the glee club goes punk. ----------------------------------------------------------- __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030807191926.50590.qmail>