Subject: Re: Firewall rules for an internet FTP server?
From: Lowell Gilbert (lowell@world.std.com)
Date: Sat Apr 01 2000 - 14:13:03 CST


"Adam Woodbeck (KEYKERTUSA)" <Adam_Woodbeck@keykertusa.com> writes:

> I'm putting an ftp server online soon and I wanted to get your input on what
> ports you suggest I open up to the Internet. I have the firewall set up to use
> the "client" configuration. I've added a few lines to open up FTP to the
> Internet as well as allow other services to my local network. I've also added
> what I think will allow me to update the FTP server through CVS. Does anyone
> suggest I change anything on this configuration or does it look pretty complete?
> Thanks for the help!

It looks pretty good from a quick eyeballing, but that's no guarantee.

However, some of the rules are redundant. Although this isn't
necessarily a problem, it does make everything a little slower. If
you start having problems with the CPU load on the machine (or the
latency in the NAT/router machine), you might want to tune it a bit
for speed. Specifically, putting the rule that allows the
"established" TCP connections earlier in the ruleset (and maybe even
doing the same with the one that allows all outgoing TCP setups) would
make this a lot more efficient. Don't worry much about efficiency
unless you know it's a problem, though.

Be well.
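An illustration of the ordering advice above, added here and not part of the thread (the original poster's ruleset is not shown, so the address, rule numbers and the rc.firewall-style use of ipfw are assumptions):

```shell
#!/bin/sh
# Hypothetical ipfw rules in the style of FreeBSD's /etc/rc.firewall "client" section.
# fwcmd defaults to a dry run (echo) so the ordering can be reviewed without loading
# anything; set fwcmd=/sbin/ipfw to actually install the rules.
fwcmd="${fwcmd:-echo /sbin/ipfw}"
ip="192.0.2.10"   # constructed example address for the FTP host

load_rules() {
    # ipfw is first-match: the "established" rule matches the bulk of all packets,
    # so placing it first means most packets are decided after a single rule.
    ${fwcmd} add 100 pass tcp from any to any established
    # Outgoing connection setups from this host (e.g. CVS updates) come next.
    ${fwcmd} add 200 pass tcp from ${ip} to any setup
    # Inbound FTP control connections to port 21 only; packets of connections
    # already accepted never reach this rule because rule 100 handled them.
    ${fwcmd} add 300 pass tcp from any to ${ip} 21 setup
    # Everything else is dropped and logged, so the rules above are the only openings.
    ${fwcmd} add 65000 deny log ip from any to any
}

# First rule emitted; lets a reviewer confirm "established" is evaluated first.
first_rule() {
    load_rules | head -n 1
}

load_rules
```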

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message