In the following I shortly describe the procedure to harden a vanilla FreeBSD server. This is basically about securing SSH and setting up PF (firewall) to protect against possible intruders.

pkg install sudo vim tmux git mosh sshguard-pf

# File: /etc/ssh/sshd_config

PermitRootLogin no
AuthenticationMethods publickey,keyboard-interactive

# File: /etc/rc.conf

pf_enable="YES"
sshguard_enable="YES"

# File: /etc/pf.conf

pf_enable="YES"
sshguard_enable="YES"

Enable firewall pf in /usr/local/etc/sshguard.conf