Date: Wed, 5 Jan 2011 13:51:19 -0600 From: Ryan Coleman <ryan.coleman@cwis.biz> To: Mark Moellering <mark@msen.com> Cc: freebsd-questions@freebsd.org Subject: Re: Bot? / pf question Message-ID: <DBE76A19-5825-45ED-B024-3D0EF64F28BD@cwis.biz> In-Reply-To: <4D24CB09.3030603@msen.com> References: <4D249129.6090008@webtent.net> <4D249298.9080706@nrdx.com> <AANLkTi=%2B=FGeQevAnxii6m2XK7i%2B617Mt4EkQfd2Ucv0@mail.gmail.com> <AANLkTinOewwzjMigG_Bn0%2BZL7GzvfL7Nq_FGBHyCNbsj@mail.gmail.com> <AANLkTimQy3H5HHGBGqd9JET22GH0ygWOh8DBta310SpY@mail.gmail.com> <4D24CB09.3030603@msen.com>
index | next in thread | previous in thread | raw e-mail
Yes and no. You want to leave ftp open, too, just in case for port upgrading/downloading, plus you would want to do monitoring across the wire (Nagios or something, maybe?). You could, though, do a dual-NIC setup and have one be a private network LAN for the servers if you aren't already considering it. On Jan 5, 2011, at 1:48 PM, Mark Moellering wrote: > Since I am going to be setting up a mail server sometime next week and have to keep things like this in mind; > would it make sense to run pf and block all outbound traffic that isn't on port 25 ( port 995 , etc) and force any web administration programs onto a port other than 80 to help with this sort of thing? Any other thoughts on how to make sure future installations can be kept secure? > > As always, thanks in advance to everyone, > > Mark Moellering > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DBE76A19-5825-45ED-B024-3D0EF64F28BD>