First, if one were to deploy FreeBSD 5.3 as a standard
web and email server, would it need a firewall?
I don't see the point because only ports like 25 for SMTP, 110 for POP, 80 for HTTP, etc. will be listening
and open for connections with or without a firewall.
You always should use a firewall. You may run other services that may bind to ports on all interfaces, e.g. syslog, mysql, or others. Having a firewall will protect you against accidental misconfigurations of services that should only be accessible locally.
You may argue that your server is behind a routing firewall, but that argument only holds if there are no other servers. Otherwise you are at risk that if one server is compromised, the others fall easily thereafter.
The point is to use layers of security and filtering both on network routers/firewalls and on individual hosts, to obtain fine-grained control and prevent a compromise from propagating.
Cheers, Erik
--
Ph: +34.666334818
web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
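As an added example (not part of the original message): a small audit that lists listeners reachable off-host on ports other than the three the question names, which is the accidental exposure the reply describes. The sample input is constructed in the column layout of `sockstat -4l`; `PUBLIC_PORTS`, `sample_sockstat` and `exposed_listeners` are names chosen here.

```shell
#!/bin/sh
# Ports the question says should be reachable from outside: SMTP, HTTP, POP.
PUBLIC_PORTS="25 80 110"

# Constructed sample in the column layout of `sockstat -4l`
# (not captured from a real host).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   512   4  tcp4   *:25                  *:*
www      httpd      600   3  tcp4   *:80                  *:*
root     popper     620   0  tcp4   *:110                 *:*
mysql    mysqld     430   5  tcp4   *:3306                *:*
root     syslogd    300   6  udp4   *:514                 *:*
root     sendmail   513   5  tcp4   127.0.0.1:587         *:*
EOF
}

# Read sockstat-style lines on stdin and print "proto port command" for every
# listener that is not bound to loopback and whose port is not in PUBLIC_PORTS.
# These are the sockets a host firewall should be blocking from outside.
exposed_listeners() {
    awk -v allowed="$PUBLIC_PORTS" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        NR == 1 && $1 == "USER" { next }        # skip the header row
        NF >= 6 {
            addr = $6
            port = addr; sub(/.*:/, "", port)       # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (host ~ /^127\./) next               # loopback only: not exposed
            if (port in ok) next                    # intended public service
            print $5, port, $2
        }
    ' | sort -u
}

# Runs offline on the sample; on a live host use: sockstat -4l | exposed_listeners
sample_sockstat | exposed_listeners
```

With the sample, the report names mysqld on 3306 and syslogd on 514, the two services from the reply that listen on all interfaces without being meant for outside access.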