FreeBSD - Secure by DEFAULT ?? [hosts.allow]
Chris Odell
chris at redstarnetworks.net
Thu Aug 7 11:11:20 PDT 2003
May I recommend IPF, FreeBSD's firewall daemon? Having this in place -
and yes on localhost, will be more of what you want to accomplish. You
will also be able to control a whole lot more as far as traffic to/from
your box. It is very simple to configure, as long as you can recompile
it in your kernel.
Just my 2 cents...
Chris Odell
chris at redstarnetworks.net
-----Original Message-----
From: owner-freebsd-security at freebsd.org
[mailto:owner-freebsd-security at freebsd.org] On Behalf Of Schalk Erasmus
Sent: Thursday, August 07, 2003 10:14 AM
To: freebsd-security at freebsd.org
Subject: FreeBSD - Secure by DEFAULT ?? [hosts.allow]
Hi,
I need to know what the implications are to make use of the hosts.allow
file on a FreeBSD Production Server (ISP Setup)? The reason I'm asking,
is that I've recently decommissioned a Linux SendMail Server to a FreeBSD
Exim Server, but with no Firewall (IPTABLES) yet.
Besides the fact that it only runs EXIM and Apache, is it necessary to
Configure rc.Firewall? or can I only make use of the hosts.allow file?
Currently I would only like to allow SSH access from my Home Network,
instead of allowing the WORLD.
I've seen OpenBSD Servers using hosts.deny and hosts.allow files, but
based on the new "Access Control File", it is all merged together in one
file:
# hosts.allow access control file for "tcp wrapped" applications.
# $FreeBSD: src/etc/hosts.allow,v 1.8.2.7 2002/04/17 19:44:22 dougb Exp $
#
I take that I should allow the other Services, in this order:
sshd : myhomepc : allow
exim : ALL : allow
httpd : ALL : allow
ftpd : ALL : allow
ALL : ALL : deny
What kind of protection does FreeBSD need by Default? Since OpenBSD goes
around saying: "SECURE BY DEFAULT" !?
Just asking.....
Regards
Schalk Erasmus
Incredible Networks
Windhoek, Namibia
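
Added example (not part of either message): a simplified Python model of how a single-file hosts.allow rule list like the one quoted above is evaluated, showing that the first matching rule decides and that a connection matching no rule is granted. The client name host.example.net is constructed; the model assumes every listed daemon is actually tcp-wrapped and that no separate hosts.deny file exists.

```python
# Simplified model of first-match evaluation for a hosts.allow-style rule list.
# Handles only "ALL" and exact daemon/client names (no netmasks, wildcards,
# EXCEPT or shell options). Assumes every daemon named really is tcp-wrapped
# and that no separate hosts.deny file exists. Not libwrap itself.

RULES_FROM_POST = """\
sshd : myhomepc : allow
exim : ALL : allow
httpd : ALL : allow
ftpd : ALL : allow
ALL : ALL : deny
"""


def parse_rules(text):
    """Return (daemons, clients, action) tuples in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[2] not in ("allow", "deny"):
            raise ValueError(f"unsupported rule: {raw!r}")
        daemons, clients = (f.replace(",", " ").split() for f in fields[:2])
        rules.append((daemons, clients, fields[2]))
    return rules


def _matches(patterns, value):
    return any(p in ("ALL", value) for p in patterns)


def decide(rules, daemon, client):
    """First matching rule wins; with no match at all, access is granted."""
    for daemons, clients, action in rules:
        if _matches(daemons, daemon) and _matches(clients, client):
            return action
    return "allow"


if __name__ == "__main__":
    rules = parse_rules(RULES_FROM_POST)
    outsider = "host.example.net"  # constructed client name
    print(decide(rules, "sshd", "myhomepc"))        # home machine
    print(decide(rules, "sshd", outsider))          # caught by ALL : ALL : deny
    print(decide(rules[:-1], "sshd", outsider))     # catch-all removed
    print(decide(rules[-1:] + rules[:-1], "sshd", "myhomepc"))  # deny moved first
```

The last two calls show why the catch-all deny has to exist and has to come last: without it an outside sshd client falls through to the default grant, and with it first even the home machine is refused.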