I am building a firewall/NAT box for my father.  This is the first firewall
that I've built.  And, I'm trying to put only the minimum software on it
that will help me remotely administer it (i.e. ssh) and keep it up to date (i.e.

I figured I'd need a few programs installed for convenience.  But, I didn't
want to sacrifice security.  I thought I might get the advice of those who
have gone before me.

Here is what I was thinking about installing:

<here's what I consider to be almost mandatory>

<here's what I thought I might add for obvious reasons>

squid (maybe ??)
portsentry (maybe ??)
ncftp (client only if I can find it)

I'm mostly concerned about cvsup and portupgrade because I see them as being
next to mandatory.  I think I could get along without them.  But, I'm
concerned about security risks associated with not being current.  Do they
pose more security risks than they might prevent by keeping me current?
Another thing about portupgrade that concerns me is what it does to my
kernel sources.  I tried recompiling after having run portupgrade and pretty
much hosed everything.  I started over from scratch and recompiled first.  I
haven't put portupgrade back on, yet.  I wanted to get opinions about its
risk:reward ratio first.

I'm open to all suggestions, links or any other comments.  This is new
territory for me.


