# FreeBSD Bastion/Jump Host



## calanon (Feb 19, 2019)

Hi,

I would like to create a bastion/jump host in freebsd, do any of you have any tips or any guides available?


----------



## tommiie (Feb 19, 2019)

What would make a bastion/jump host special? Put a firewall on it, only allowing SSH access from a certain range of IP addresses.

Edit: perhaps an interesting read - I have not read it yet - is this article from 2018 (adminbyaccident.com).


----------



## SirDice (Feb 19, 2019)

tommiie said:


> Put a firewall on it, only allowing SSH access from a certain range of IP addresses.


Add to that, disable all _unneeded_ services. And perhaps increase the security-level. 

There's some good information to start with in security(7).


----------



## tingo (Feb 20, 2019)

in addition to things already mentioned: don't install anything on the bastion host that you don't _need_. No "nice to have", no extras.


----------



## rootbert (Feb 22, 2019)

limit resources using rctl, limit outgoing tcp/udp ports, dont allow users to download files and then execute them - just allow them to execute binaries you installed (no compiler etc). Use a minimal jail environment, and chroot every user


----------

