# Connection Best Practices



## srzxj2 (Apr 23, 2012)

Hello 

Quick one: is it recommended to have a hardware firewall in front of a FreeBSD installation? Or is it okay to have it directly connected provided that it is locked down properly? Running a website and want to minimize the chance of the system being compromised.

Thanks,

SR


----------



## frijsdijk (Apr 23, 2012)

You should be OK, provided that the firewall 'on board' is properly configured, using ipfw, pf or ipfilter. Of course, adding a firewall in front of it will always (well, not always, but mostly) give you a bit more security.

Also consider using /etc/hosts.allow for daemons such as sshd for added security. And keep all the software up to date (watch portaudit output and follow the FreeBSD security announcements).
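
The on-board firewall and hosts.allow setup described in the post above, sketched as an added example that is not part of the original thread. The interface name `em0`, the admin network 203.0.113.0/24 (a documentation range) and the HTTPS port are assumptions; replace them with your own values.

```conf
# ---- /etc/pf.conf (example, assumed values marked) ----
ext_if    = "em0"               # assumption: external interface name
admin_net = "203.0.113.0/24"    # assumption: network you administer from
web_ports = "{ 80 443 }"        # 80 is from the thread; 443 is an assumption

set skip on lo0                 # never filter loopback traffic
scrub in all                    # normalize/reassemble incoming packets

antispoof quick for $ext_if     # drop packets claiming our own address

# Default deny for inbound; log what is dropped so it can be reviewed
# with: tcpdump -n -e -ttt -i pflog0
block in log all

# The host itself may open outbound connections (updates, DNS, NTP).
pass out on $ext_if inet keep state

# Public service: the web server only.
pass in on $ext_if inet proto tcp to ($ext_if) port $web_ports keep state

# Management: sshd reachable from the admin network only.
pass in on $ext_if inet proto tcp from $admin_net to ($ext_if) port 22 keep state

# These rules cover IPv4 only; IPv6 is dropped by the default block.
# If the host serves IPv6, add matching inet6 rules plus the icmp6
# types needed for neighbor discovery.

# ---- /etc/hosts.allow (second layer for sshd) ----
# The stock FreeBSD file begins with "ALL : ALL : allow", which makes
# every later rule unreachable. Remove or comment it out first.
#
# First match wins, so the allow line must precede the deny line.
sshd : 203.0.113.0/255.255.255.0 : allow
sshd : ALL : deny
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and keep an existing console or SSH session open while testing so a mistake in the admin network does not lock you out.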


----------



## srzxj2 (Apr 23, 2012)

Fantastic, thank you!

SR


----------



## throAU (Apr 30, 2012)

Don't forget also to ensure that your web server configuration is hardened.

All the firewall rules in the world won't help if your machine is compromised via the web server running in the open on port 80.


----------

