On Thu, 2003-08-07 at 19:24, Schalk Erasmus wrote: > Hi, > > I need to know what the implications are to make use of the hosts.allow file > on a FreeBSD Production Server (ISP Setup)? The reason I'm asking, is that > I've recently decommisioned a Linux SendMail Server to a FreeBSD Exim > Server, but with no Firewall (IPTABLES) yet. > > Besides the fact that it only runs EXIM and Apache, is it necessary to > Configure rc.Firewall? or can I only make use of the hosts.allow file?
Only applications that honour tcp_wrappers use hosts.allow. Therefore to
ensure that your machine is secure it would be wise to use a firewall of
some kind.
> Currently I would only like to allow SSH access from my Home Network,
> instead of allowing the WORLD.
>
> I've seen OpenBSD Servers using hosts.deny and hosts.allow files, but based
> on the new "Access Control File", it is all merged together in one file:
>
> # hosts.allow access control file for "tcp wrapped" applications.
> # $FreeBSD: src/etc/hosts.allow,v 1.8.2.7 2002/04/17 19:44:22 dougb Exp $
> #
>
> I take that I should allow the other Services, in this order:
>
> sshd : myhomepc : allow
> exim : ALL : allow
> httpd : ALL : allow
> ftpd : ALL : allow
> ALL : ALL : deny
That would limit ssh only from myhomepc. So thats correct.
> What kind of protection does FreeBSD need by Default? Since OpenBSD goes
> around saying: "SECURE BY DEFAULT" !?
Hmm, I don't think OpenBSD runs a firewall by default. Basically they
start you off with a very restrictive setup. FreeBSD is reasonably
secure "by default" to. But, if you plan to have this box running in a
ISP environment a firewall would be highly recommended.
--
--byron
signature.asc
Description: This is a digitally signed message part
