Connection Best Practices

Hello :)

Quick one: is it recommended to have a hardware firewall in front of a FreeBSD installation? Or is it okay to have it directly connected provided that it is locked down properly? Running a website and want to minimize the chance of the system being compromised.

Thanks,

SR
 
You should be ok, provided that the firewall 'on board' is properly configured, using ipfw, pf or ipfilter. Of course, adding a firewall in front of it will always (well, not always, but mostly) give you a bit more security.

Also consider using /etc/hosts.allow for daemons such as sshd for added security. And keep all the software up to date (watch portaudit output and follow the FreeBSD security announcements).
 
Don't forget also to ensure that your web server configuration is hardened.

All the firewall rules in the world won't help if your machine is compromised via the web server running in the open on port 80.
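
As an added illustration of the host-firewall advice in the replies above (not part of any post in this thread), here is a minimal default-deny pf ruleset for a web server connected directly to the Internet. The interface name `em0` and the admin range `203.0.113.0/24` are assumptions, and the ruleset covers IPv4 only.

```conf
# /etc/pf.conf -- constructed example, adjust before use

# --- Macros (assumptions: replace with your own values) ---
ext_if    = "em0"                 # external interface name (assumed)
admin_net = "203.0.113.0/24"      # documentation range standing in for your admin addresses
web_ports = "{ 80, 443 }"         # the only services offered to everyone

# --- Options ---
set block-policy drop             # silently drop instead of sending RST/ICMP
set skip on lo0                   # do not filter loopback traffic

# --- Normalization ---
scrub in all                      # reassemble fragments, drop malformed packets

# --- Filtering ---
antispoof quick for $ext_if       # drop packets claiming to come from our own addresses

block in all                      # default deny for everything inbound
pass out all keep state           # allow outbound traffic and its replies

# Web traffic: open to everyone, since this is the service being offered.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $web_ports

# SSH: only from the admin range.
# Weak alternative, shown for contrast and left commented out:
#   pass in on $ext_if inet proto tcp from any to ($ext_if) port 22
pass in on $ext_if inet proto tcp from $admin_net to ($ext_if) port 22

# ICMP needed for ping and path MTU discovery.
pass in on $ext_if inet proto icmp icmp-type { echoreq, unreach }
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. As the last reply points out, this leaves ports 80 and 443 open by design, so the web server itself still has to be hardened.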
 