Gary Kline wrote:
The way my site is now configured, my ISP
(Qwest) baby-bell has its router connected to my pfSense firewall. The
firewall computer connects to my FreeBSD server which handles my DNS,
mail, and web. The server then fans out to my several desktops. This
one, my laptop, my daughter's MacBook, and has a spare CAT5 for my
Since this sounds like a home setup, in terms of raw power usage I'm inclined to
suggest a tighter integration of router, DNS and firewall functionality by
putting this all into something like OpenWRT on a decent off-the-shelf router,
thereby eliminating the Qwest router, firewall machine and possibly mail/web if
it's low volume enough and/or you pick up a router with a USB connection for
storage. Try an Asus WL-500G Premium (version 1 is my favorite) if you go that
route. This would free up the server for other tasks, obsolete 2 boxes (and
possibly the server), spice up your life with easy to install SNMP monitoring of
connections and give your family wifi ... but I digress...
At a minimum, I'd like to have CVS working on at least my server.
I used ipf and/or IPFW .... managed to catch and kill
hundreds of kiddie-scripters trying to crack in. But with pfSense and
how things are *now*, I'm in the dark.
You're looking for an intrusion detection system (IDS). For FreeBSD you might
leverage 'grok' written by Jordan Sissel, which, isn't an IDS, but it will play
like one :
You could also do something like this :
...monitor your auth logs for bandits with email alerts.
That should get you started :)
email@example.com mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"