[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Safely exposing a service to the internet

On Sun, Jan 23, 2005 at 02:20:08AM -0500, William Ballard wrote:
> Sid's apache?  Should I make some kind of jail and
> put something in a DMZ?

I'm going to do this:
ADSL: Port forward to OpenBSD running pf
OpenBSD: Port forward to a Woody Chroot

My machine will be running latest kernel and sid,
but Apache will be running in a Woody Chroot with
Debian security applied.

As long as (1) there are no kernel exploits,
(2) I do the pf part correctly, and (3) I don't
make any mistakes in any server code I run in
Apache, this publicly accessibly webserver
should be expected to be safe, correct?

Reply to: