we all understand basic security/harding methods, good stuff! 8) the terminal module thing was a tongue in cheek comment. hence the smiley face.
thanks for the comments, greg On Wed, Sep 21, 2011 at 2:29 AM, Greg Hennessy <[email protected]>wrote: > Agreed. Additionally all the services should either be configured to listen > on the trusted management interface only *or* configured to listen on lo0 > only with external access granted via a pf portforward from the configured > trusted management interface(s) only. If the security policy fails or is > unloaded for some reason. The attack surface is significantly reduced. Greg > > > Nathan Eisenberg ** wrote: > > > > > > > > > > Alternately, access to the GUI can be restricted by firewall rules <...> > > > >Not just 'can' - but 'should', imho. > >_______________________________________________ > >List mailing list > >[email protected] > >http://lists.pfsense.org/mailman/listinfo/list > > > > > > > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list > >
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
