FreeBSD - Secure by DEFAULT ?? [hosts.allow]

2003-08-09 Thread Schalk Erasmus
Hi,

I need to know what the implications are to make use of the hosts.allow file
on a FreeBSD Production Server (ISP Setup)? The reason I'm asking, is that
I've recently decommissioned a Linux SendMail Server to a FreeBSD Exim
Server, but with no Firewall (IPTABLES) yet.

Besides the fact that it only runs EXIM and Apache, is it necessary to
Configure rc.Firewall? or can I only make use of the hosts.allow file?

Currently I would only like to allow SSH access from my Home Network,
instead of allowing the WORLD.

I've seen OpenBSD Servers using hosts.deny and hosts.allow files, but based
on the new Access Control File, it is all merged together in one file:

# hosts.allow access control file for tcp wrapped applications.
# $FreeBSD: src/etc/hosts.allow,v 1.8.2.7 2002/04/17 19:44:22 dougb Exp $
#

I take that I should allow the other Services, in this order:

sshd : myhomepc : allow
exim : ALL : allow
httpd : ALL : allow
ftpd : ALL : allow
ALL : ALL : deny


What kind of protection does FreeBSD need by Default? Since OpenBSD goes
around saying: SECURE BY DEFAULT !?

Just asking.

Regards

Schalk Erasmus
Incredible Networks
Windhoek, Namibia




___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: FreeBSD - Secure by DEFAULT ?? [hosts.allow]

2003-08-08 Thread Byron Schlemmer
On Thu, 2003-08-07 at 19:24, Schalk Erasmus wrote:
> Hi,
>
> I need to know what the implications are to make use of the hosts.allow file
> on a FreeBSD Production Server (ISP Setup)? The reason I'm asking, is that
> I've recently decommissioned a Linux SendMail Server to a FreeBSD Exim
> Server, but with no Firewall (IPTABLES) yet.
>
> Besides the fact that it only runs EXIM and Apache, is it necessary to
> Configure rc.Firewall? or can I only make use of the hosts.allow file?

Only applications that honour tcp_wrappers use hosts.allow. Therefore to
ensure that your machine is secure it would be wise to use a firewall of
some kind. 

> Currently I would only like to allow SSH access from my Home Network,
> instead of allowing the WORLD.
>
> I've seen OpenBSD Servers using hosts.deny and hosts.allow files, but based
> on the new Access Control File, it is all merged together in one file:
>
> # hosts.allow access control file for tcp wrapped applications.
> # $FreeBSD: src/etc/hosts.allow,v 1.8.2.7 2002/04/17 19:44:22 dougb Exp $
> #
>
> I take that I should allow the other Services, in this order:
>
> sshd : myhomepc : allow
> exim : ALL : allow
> httpd : ALL : allow
> ftpd : ALL : allow
> ALL : ALL : deny

That would limit ssh only from myhomepc. So that's correct.

> What kind of protection does FreeBSD need by Default? Since OpenBSD goes
> around saying: SECURE BY DEFAULT !?

Hmm, I don't think OpenBSD runs a firewall by default. Basically they
start you off with a very restrictive setup. FreeBSD is reasonably
secure by default too. But, if you plan to have this box running in an
ISP environment a firewall would be highly recommended.

-- 

--byron


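Added example (not part of the original thread, and a simplified model rather than the tcp_wrappers code itself): first-match evaluation of the rule order discussed above, showing that a daemon which does not use tcp_wrappers is never checked against hosts.allow. Assumptions: "myhomepc" is replaced by the documentation network 192.0.2.0/24, the WRAPPED set is chosen for the demo, and only ALL and IPv4 address/network patterns are modelled.

```python
import ipaddress
import re

# Constructed sample: rule order from the thread; "myhomepc" is replaced by a
# documentation-range network (assumption).
RULES = """
sshd : 192.0.2.0/24 : allow
exim : ALL : allow
httpd : ALL : allow
ftpd : ALL : allow
ALL : ALL : deny
"""

# Assumption for this demo: daemons that actually call into tcp_wrappers.
# A daemon outside this set never reads hosts.allow.
WRAPPED = {"sshd", "exim", "ftpd"}

def parse(text):
    """Return [(daemon_list, client_list, action)] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients, action = (f.strip() for f in line.split(":", 2))
        rules.append((re.split(r"[,\s]+", daemons), re.split(r"[,\s]+", clients), action))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False  # hostnames are not resolved in this simplified model

def decide(rules, daemon, addr, wrapped=WRAPPED):
    if daemon not in wrapped:
        return "not-checked"  # only a packet filter can restrict this service
    for n, (daemons, clients, action) in enumerate(rules, 1):
        if (daemon in daemons or "ALL" in daemons) and any(
                client_matches(c, addr) for c in clients):
            return f"{action} (rule {n})"  # first match wins
    return "allow (no match)"  # tcp_wrappers grants access when nothing matches

if __name__ == "__main__":
    for d, a in [("sshd", "192.0.2.10"), ("sshd", "198.51.100.7"), ("httpd", "198.51.100.7")]:
        print(d, a, "->", decide(parse(RULES), d, a))
```

Moving the ALL : ALL : deny line to the top makes it the first match for every wrapped daemon, which is why the catch-all has to stay last.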