FreeBSD Bastion/Jump Host

What would make a bastion/jump host special? Put a firewall on it, only allowing SSH access from a certain range of IP addresses.

Edit: perhaps an interesting read - I have not read it yet - is this article from 2018 (adminbyaccident.com).
 
In addition to things already mentioned: don't install anything on the bastion host that you don't need. No "nice to have", no extras.
 
Limit resources using rctl, limit outgoing TCP/UDP ports, don't allow users to download files and then execute them - just allow them to execute binaries you installed (no compiler etc). Use a minimal jail environment, and chroot every user.
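
A minimal pf ruleset combining two suggestions from the replies above (SSH in only from a fixed range, outgoing ports restricted), added here as an illustration and not posted by anyone in the thread. The interface name, the single-interface layout and all addresses are assumed placeholders.

```conf
# /etc/pf.conf -- example bastion ruleset (added example, values are placeholders)

ext_if    = "vtnet0"            # assumption: the host's only network interface
admin_net = "198.51.100.0/24"   # placeholder: range allowed to SSH in
inside    = "10.0.10.0/24"      # placeholder: hosts reachable through the bastion
resolver  = "10.0.10.53"        # placeholder: the only DNS server the host may query

set skip on lo0
set block-policy drop

# Default deny in both directions; log drops so probes and
# unexpected outbound attempts show up on pflog0.
block log all

# Inbound: SSH only, and only from the admin range.
pass in on $ext_if inet proto tcp from $admin_net to ($ext_if) port 22

# Outbound: SSH onward to internal hosts, plus DNS to one resolver.
# No HTTP/HTTPS/FTP out, so users cannot fetch files from the internet.
pass out on $ext_if inet proto tcp from ($ext_if) to $inside port 22
pass out on $ext_if inet proto { tcp, udp } from ($ext_if) to $resolver port 53
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and keep a console session open while testing so a mistake in `admin_net` does not lock you out.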
 