From: Eivind Eklund
To: Nik Clayton, "Carlos C. Tapang", freebsd-current@FreeBSD.ORG
Date: Fri, 30 Oct 1998 11:30:51 +0100
Subject: Re: Plugging a FreeBSD server to the net: need advice
Message-ID: <19981030113051.46830@follo.net>

On Thu, Oct 29, 1998 at 10:47:04PM +0000, Nik Clayton wrote:
> On Thu, Oct 29, 1998 at 10:57:52AM -0800, Carlos C. Tapang wrote:
> > Is FreeBSD.ORG behind a firewall?
>
> Yes.

As far as I know, this is incorrect. I'm not able to see it with
traceroute, at least, and there isn't anything that looks like one...

> > If it's not, then my server probably does
> > not need to be behind a firewall. (I am paranoid about malignant attacks,
> > but if FreeBSD.ORG can survive, so should my server.)
>
> Be paranoid. Firewall. Only allow access to ports you know about. Drop
> packets from 'unroutable' nets immediately (10/8, 172.16/16, 192.168/16).
> Log odd connections to either a separate machine, or (better yet) to a
> line printer somewhere. Install tcp_wrappers from the ports, and wrap
> services.

This is always good advice. And don't run more services than you
_absolutely_ need.

Eivind.