Re: Safely exposing a service to the internet
On Sun, Jan 23, 2005 at 02:20:08AM -0500, William Ballard wrote:
> Sid's apache? Should I make some kind of jail and
> put something in a DMZ?
I'm going to do this:
ADSL: Port forward to OpenBSD running pf
OpenBSD: Port forward to a Woody Chroot
My machine will be running latest kernel and sid,
but Apache will be running in a Woody Chroot with
Debian security applied.
As long as (1) there are no kernel exploits,
(2) I do the pf part correctly, and (3) I don't
make any mistakes in any server code I run in
Apache, this publicly accessibly webserver
should be expected to be safe, correct?