Date:      Tue, 17 Jun 2003 09:08:42 -0500
From:      Kirk Strauser <kirk@strauser.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: restrictive ipfw ruleset and ftp
Message-ID:  <87smq8lrth.fsf@pooh.honeypot.net>
In-Reply-To: <20030617121346.GA80594@athomson.prv.au.itouchnet.net> (Andrew Thomson's message of "Tue, 17 Jun 2003 22:13:46 +1000")
References:  <20030617121346.GA80594@athomson.prv.au.itouchnet.net>

At 2003-06-17T12:13:46Z, Andrew Thomson <ajthomson@optushome.com.au> writes:

> i have a list of ports that i let my users go out on: 80, 22, 143, 443 etc
> etc..

Out of curiosity, do you have control over the set of machines that your
users are connecting to?  I.e., are they uploading to your own FTP server at
a colo site?  If so, you might consider dropping FTP altogether in favor of
SFTP.  It's radically easier to firewall; you just open a single TCP port.
You also get decent authentication and end-to-end encryption.  Just a
thought.
-- 
Kirk Strauser
In Googlis non est, ergo non est.
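
Why the single port matters under an outbound allowlist like the one quoted above, as an added example that is not part of the original message: in passive mode an FTP server names a per-transfer data port in its 227 reply, and that port is rarely on the allowlist, while SFTP keeps everything on port 22. The allowlist values come from the quoted message (port 21 is added as an assumption); the 227 replies and function names are constructed for illustration.

```python
import re

# Outbound TCP ports from the quoted message, plus 21 (assumed) for the FTP control channel.
ALLOWED_OUT = {21, 22, 80, 143, 443}

PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) from an RFC 959 '227 Entering Passive Mode' reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    h1, h2, h3, h4, p1, p2 = nums
    # The data port is sent as two decimal bytes, high byte first.
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def ports_needed(protocol, pasv_reply=None):
    """Outbound destination ports one transfer needs from the client side."""
    if protocol == "sftp":
        return {22}                  # commands and data share one SSH connection
    if protocol == "ftp-passive":
        _, data_port = parse_pasv(pasv_reply)
        return {21, data_port}       # data port is chosen by the server per transfer
    raise ValueError("unknown protocol: %s" % protocol)

def blocked_ports(protocol, pasv_reply=None, allowed=ALLOWED_OUT):
    """Ports the transfer needs that the allowlist would drop."""
    return sorted(ports_needed(protocol, pasv_reply) - set(allowed))

if __name__ == "__main__":
    # Constructed sample replies (192.0.2.0/24 is a documentation range).
    for reply in ("227 Entering Passive Mode (192,0,2,10,195,80)",
                  "227 Entering Passive Mode (192,0,2,10,4,1)"):
        print(parse_pasv(reply), "blocked:", blocked_ports("ftp-passive", reply))
    print("sftp blocked:", blocked_ports("sftp"))
```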
