On Thu, 2003-08-07 at 19:24, Schalk Erasmus wrote:
> Hi,
>
> I need to know what the implications are to make use of the hosts.allow file
> on a FreeBSD Production Server (ISP Setup)? The reason I'm asking, is that
> I've recently decommissioned a Linux SendMail Server to a FreeBSD Exim
> Server, but with no Firewall (IPTABLES) yet.
>
> Besides the fact that it only runs EXIM and Apache, is it necessary to
> Configure rc.Firewall? or can I only make use of the hosts.allow file?

Only applications that honour tcp_wrappers use hosts.allow. Therefore to ensure that your machine is secure it would be wise to use a firewall of some kind.

> Currently I would only like to allow SSH access from my Home Network,
> instead of allowing the WORLD.
>
> I've seen OpenBSD Servers using hosts.deny and hosts.allow files, but based
> on the new "Access Control File", it is all merged together in one file:
>
> # hosts.allow access control file for "tcp wrapped" applications.
> # $FreeBSD: src/etc/hosts.allow,v 184.108.40.206 2002/04/17 19:44:22 dougb Exp $
> #
>
> I take that I should allow the other Services, in this order:
>
> sshd : myhomepc : allow
> exim : ALL : allow
> httpd : ALL : allow
> ftpd : ALL : allow
> ALL : ALL : deny

That would limit ssh only from myhomepc. So that's correct.

> What kind of protection does FreeBSD need by Default? Since OpenBSD goes
> around saying: "SECURE BY DEFAULT" !?

Hmm, I don't think OpenBSD runs a firewall by default. Basically they start you off with a very restrictive setup. FreeBSD is reasonably secure "by default" too. But, if you plan to have this box running in an ISP environment a firewall would be highly recommended.

--
--byron
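
Added example, not part of the original thread: a simplified Python model of how the quoted ruleset is evaluated (first matching rule wins), and of the reply's point that a daemon which does not consult tcp_wrappers is never checked against the file. The `wrapped` argument is a hypothetical input you must establish per host; the model handles only `ALL`, exact names, `.domain` suffixes and `net.` prefixes.

```python
# Simplified model of first-match evaluation in a FreeBSD-style hosts.allow.
# Not a libwrap reimplementation: no EXCEPT, netmasks, user@host or spawn options.
RULES = """\
sshd : myhomepc : allow
exim : ALL : allow
httpd : ALL : allow
ftpd : ALL : allow
ALL : ALL : deny
"""

def parse(text):
    """Return a list of (daemons, clients, action) tuples in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        daemons, clients, action = [f.strip() for f in line.split(":", 2)]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split(), action))
    return rules

def matches(pattern, value):
    """Match one daemon or client pattern against one string."""
    if pattern == "ALL" or pattern == value:
        return True
    if pattern.startswith("."):      # hostname suffix, e.g. .example.org
        return value.endswith(pattern)
    if pattern.endswith("."):        # address prefix, e.g. 192.0.2.
        return value.startswith(pattern)
    return False

def decide(rules, daemon, client, wrapped):
    """First matching rule wins; daemons outside `wrapped` never read the file."""
    if daemon not in wrapped:        # assumption: caller knows which daemons use libwrap
        return "not-checked"
    for daemons, clients, action in rules:
        if any(matches(d, daemon) for d in daemons) and \
           any(matches(c, client) for c in clients):
            return action
    return "allow"                   # hosts_access grants access when nothing matches
```

A `not-checked` result means the rule for that daemon has no effect on the host, which is the case a packet filter has to cover.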