firewall for web server
Ben Timby
asp at webexc.com
Tue Jun 29 11:29:48 PDT 2004
Peter, choose your firewall software. With a host firewall (what you are
looking for, not a network firewall), the features you need will be
limited. Find a howto on using that firewall package. The only
difference between what you want and what most howtos provide
instructions for is the ruleset. You will probably want rules like the
following:
--
block in log all (default deny stance).
block out log all (default deny stance).
allow in tcp port 80 SYN/SYN+ACK keep state (only allow new connections
and established ones to httpd).
allow in tcp port 22 SYN/SYN+ACK from host <your remote network here>
keep state (only allow new connections and established ones to sshd).
allow out tcp src port > 1024 dest port < 1024 keep state (only allow
new connections and established ones to "server" ports from "client" ports).
--
Modify for your firewall package and to suit your needs. Something
simple like the above is probably all you need.
I personally have used ipfilter in the past with good success, but I
currently use pf, which is ported from OpenBSD, and is the most
excellent firewall package I have ever used. The rule preprocessor makes
writing rules a breeze. I will not use any other firewall package again
as long as pf is a choice.
Hope that helps.
Peter Zyumbilev wrote:
> Hello,
>
> Do you know some good tutorial for building a firewall for FreeBSD as a web
> server? I found a lot of tutorials, but for FreeBSD as a router.
> Some premade script with comments will also do the job.
> I was planning to use APF, but I am afraid to install it on FreeBSD
> without a good tutorial.
> Please advise.
>
> Best regards,
>
> Peter
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
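
One way the generic ruleset in the message above maps onto pf syntax, as an added example that is not part of the original post. The interface name `em0` and the `192.0.2.0/24` admin network are placeholders, and the loopback skip and the commented-out DNS rule are additions the message does not include.

```pf
# /etc/pf.conf -- added example: host firewall for a single web server.
# Placeholders (assumptions, not from the original message):
ext_if    = "em0"            # external interface name
admin_net = "192.0.2.0/24"   # remote network allowed to reach sshd

# Addition: do not filter loopback, otherwise the default deny below
# also blocks local services talking to each other over lo0.
set skip on lo0

# Default deny stance in both directions, with logging (see pflog0).
block in  log all
block out log all

# New and established connections to httpd. "flags S/SA" matches only
# packets with SYN set and ACK clear, so state is created by a real
# connection attempt and nothing else.
pass in on $ext_if proto tcp from any to ($ext_if) port 80 \
    flags S/SA keep state

# sshd reachable only from the admin network.
pass in on $ext_if proto tcp from $admin_net to ($ext_if) port 22 \
    flags S/SA keep state

# Outbound TCP from "client" ports to "server" ports only.
pass out on $ext_if proto tcp from ($ext_if) port > 1024 \
    to any port < 1024 flags S/SA keep state

# Addition, left disabled: the ruleset in the message is TCP-only, so
# UDP name resolution is dropped by "block out". Enable if the server
# must resolve names over UDP.
# pass out on $ext_if proto udp from ($ext_if) to any port 53 keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the default-deny rules can cut off a remote ssh session.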