Date: Thu, 9 Aug 2001 17:41:55 -0700 From: Tabor Kelly <pdxmax@dsl-only.net> To: Keith Spencer <bsd2000au@yahoo.com.au> Cc: fbsd <freebsd-questions@freebsd.org> Subject: Re: Separate firewall or not? Message-ID: <11621029839.20010809174155@dsl-only.net> In-Reply-To: <20010809235728.51097.qmail@web12006.mail.yahoo.com> References: <20010809235728.51097.qmail@web12006.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
IMHO you should use a separate firewall. I wouldn't take your compiler off of it, it makes certain tasks very difficult (like building a new kernel). Personally, I leave one thing on my firewall: sshd. There are many reasons not to use a normal server as a firewall, one large one is that, you only need 2 accounts on a firewall: root, and one user account. On a webserver you frequently have many, many account, all of which can be used against you! Note: I am not a network security expert, though I like to pretend that I know a little bit about security. On Thursday, August 09, 2001, 4:57:28 PM, Keith wrote: Hi all, sorry to repeat but I am in the middle of an urgent anti-hacking rebuild. Should I build a separate preimeter firewall machine with only that on it...restrict/remove compilers etc (how do I do that?) and have the router/dns/web/wail server inside the perimeter. OR should I simply put IPFW on the router/dns/web/mail server? Any ideas guys? Tjhanks Keith _____________________________________________________________________________ http://shopping.yahoo.com.au - Father's Day Shopping - Find the perfect gift for your Dad for Father's Day To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?11621029839.20010809174155>