From: Ryan Coleman
Date: Wed, 5 Jan 2011 13:51:19 -0600
To: Mark Moellering
Cc: freebsd-questions@freebsd.org
Subject: Re: Bot? / pf question

Yes and no. You want to leave ftp open, too, just in case for port upgrading/downloading, plus you would want to do monitoring across the wire (Nagios or something, maybe?).

You could, though, do a dual-NIC setup and have one be a private network LAN for the servers if you aren't already considering it.

On Jan 5, 2011, at 1:48 PM, Mark Moellering wrote:

> Since I am going to be setting up a mail server sometime next week and have to keep things like this in mind;
> would it make sense to run pf and block all outbound traffic that isn't on port 25 (port 995, etc) and force any web administration programs onto a port other than 80 to help with this sort of thing? Any other thoughts on how to make sure future installations can be kept secure?
>
> As always, thanks in advance to everyone,
>
> Mark Moellering
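The default-deny outbound policy asked about above, with the exceptions the reply calls for (FTP for ports fetches, monitoring, a second NIC on a private LAN), written out as a pf.conf. This is an added example, not part of either message. The interface names, the monitoring host address, the NRPE and SSH rules and the exact port lists are assumptions.

```pf
# Added example, not from the thread. Interface names, addresses and
# port lists are assumptions; adjust them before loading.
ext_if  = "em0"          # assumed public interface
int_if  = "em1"          # assumed private LAN NIC (the dual-NIC option)
monitor = "10.0.0.10"    # constructed address for the Nagios host

mail_in   = "{ 25, 587, 993, 995 }"  # SMTP, submission, IMAPS, POP3S
fetch_out = "{ 21, 80, 443 }"        # ports tree / distfile downloads

set skip on lo0

# Default deny in both directions. Logging the drops makes unexpected
# outbound connection attempts visible on pflog0.
block log all
# Answer blocked outbound attempts with RST/ICMP so local programs
# fail immediately instead of hanging until timeout.
block return out log on $ext_if all

# Inbound from the Internet: mail services only.
pass in on $ext_if proto tcp from any to ($ext_if) port $mail_in

# Outbound from the server itself: mail delivery, DNS, NTP, fetches.
pass out on $ext_if proto tcp from ($ext_if) to any port 25
pass out on $ext_if proto { tcp, udp } from ($ext_if) to any port 53
pass out on $ext_if proto udp from ($ext_if) to any port 123
pass out on $ext_if proto tcp from ($ext_if) to any port $fetch_out
# Port 21 is only the FTP control channel. Passive-mode data
# connections go to a server-chosen high port that no rule here
# matches, so FTP transfers need an extra rule or an HTTP mirror.

# Private LAN: administration and monitoring stay off the public NIC.
pass in on $int_if proto tcp from ($int_if:network) to ($int_if) port 22
pass in on $int_if proto tcp from $monitor to ($int_if) port 5666  # NRPE
pass in on $int_if inet proto icmp from $monitor to ($int_if) icmp-type echoreq
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and watch the logged drops with `tcpdump -n -e -ttt -i pflog0`.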