From owner-freebsd-security  Wed May 24  2:17: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from public.bta.net.cn (public.bta.net.cn [202.96.0.97])
	by hub.freebsd.org (Postfix) with ESMTP id C57E837BA8D
	for <freebsd-security@freebsd.org>; Wed, 24 May 2000 02:16:47 -0700 (PDT)
	(envelope-from robinson@netrinsics.com)
Received: from netrinsics.com ([202.108.133.96])
	by public.bta.net.cn (8.9.3/8.9.3) with ESMTP id RAA06354
	for <freebsd-security@freebsd.org>; Wed, 24 May 2000 17:13:04 +0800 (GMT)
Received: (from robinson@localhost)
	by netrinsics.com (8.9.3/8.9.3) id OAA37954;
	Wed, 24 May 2000 14:11:37 +0800 (+0800)
	(envelope-from robinson)
Date: Wed, 24 May 2000 14:11:37 +0800 (+0800)
From: Michael Robinson <robinson@netrinsics.com>
Message-Id: <200005240611.OAA37954@netrinsics.com>
To: bdeless@efn.org, robinson@netrinsics.com
Subject: Re: Web Server and Xwindows
Cc: freebsd-security@freebsd.org
In-Reply-To: <Pine.GSU.4.05.10005231520330.23893-100000@garcia.efn.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

BD <bdeless@efn.org> writes:
>I've never used or installed IPSEC although I'm aware that is part of
>4.0(?). Since I will only use X localy is this still necessary? I had
>planned to use ipfw to block X at the interface.

In that case, you should probably block everything at the interface, and 
only allow the absolute minimum necessary for your primary services.

	-Michael Robinson



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message