> On 2002.10.21 20:11 Jacob Rhoden wrote:
> > On Tue, 22 Oct 2002 03:43, James wrote:
> > > I'm just wondering if most web servers don't run a firewall?  We've
> > > set up a FreeBSD web server without ipfw running, and I don't really see
> > > any reason to run ipfw since the only services I have running are httpd
> > > and sshd.  We have also attempted to secure the machine in the other
> > > typical ways.
> > 
> > As others have said, you don't really need to, but it is a good idea, and does
> > add an extra layer of protection. One example of this would be, if your web
> > server is compromised, and the user gets access as 'httpd' but not as root.
> > Having a firewall will prevent them from malicious activity, such as using your
> > machine to launch a DoS attack against another machine, and prevent them
> > running a daemon that allows them to connect to your machine on another port.
> >
> > So you don't need a firewall, but it does make your machine a lot more safe if
> > you do.
> >
> > The other option is you can set the kernel secure level so that users cannot
> > modify the kernel or the firewall rules to get around your security, without
> > having local access to the machine.
> > 
> 
> 
> I appreciate all the input! I think I will be putting up ipfw
> after all!  I see now that the benefits far outweigh the small amount of
> time it takes to set up ipfw.  I imagine there wouldn't be any
> noticeable effects to performance either.
> 
Have a look at http://www.schlacter.net:8500/public/FreeBSD-STABLE_and_IPFILTER.html
Kjell
> James
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-questions" in the body of the message



