From owner-freebsd-audit Thu Mar 23 11:23:22 2000 Delivered-To: freebsd-audit@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 89DE737BC3F for ; Thu, 23 Mar 2000 11:23:11 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id MAA34947; Thu, 23 Mar 2000 12:23:08 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id MAA42847; Thu, 23 Mar 2000 12:23:05 -0700 (MST) Message-Id: <200003231923.MAA42847@harmony.village.org> To: "Jeroen C. van Gelderen" Subject: Re: Portmapper enabled, IPv6 circumvents FW Cc: FreeBSD Audit List In-reply-to: Your message of "Thu, 23 Mar 2000 15:16:07 -0400." <38DA6D77.FB93FC36@vangelderen.org> References: <38DA6D77.FB93FC36@vangelderen.org> Date: Thu, 23 Mar 2000 12:23:05 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <38DA6D77.FB93FC36@vangelderen.org> "Jeroen C. van Gelderen" writes: : I'd suggest disabling the portmapper in a default installation : unless there is a good reason not to. Sadly too many people want NFS :-(. It is a big pita to run nfs w/o portmapper. : Another solution is to add a comment to /etc/inetd.conf because : that's what people usually edit on new systems (because FreeBSD : *still* runs ftpd and telnetd by default). Agreed. : Opinions? I've been sent patches that make *ALL* network services off by default. I'm thinking seriously about committing them to at least -current and maybe to -stable also. These patches also hack sysinstall to enable them in /etc/rc.conf so as to not effectively change our system defaults. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message