From owner-freebsd-questions  Wed Jul 14 21:59:43 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from pinnacle.co.nz (pinnacle.internet.co.nz [210.48.55.133])
	by hub.freebsd.org (Postfix) with ESMTP id D3F42154DB
	for <freebsd-questions@FreeBSD.ORG>; Wed, 14 Jul 1999 21:59:20 -0700 (PDT)
	(envelope-from jonc@pinnacle.co.nz)
Received: from kiwi.pinnacle.co.nz (kiwi.pinnacle.co.nz [202.37.163.2])
	by pinnacle.co.nz (8.9.3/8.9.3) with ESMTP id QAA06748;
	Thu, 15 Jul 1999 16:49:19 +1200 (NZST)
Date: Thu, 15 Jul 1999 16:49:19 +1200 (NZST)
From: Jonathan Chen <jonc@pinnacle.co.nz>
To: James Gill <gill@topsecret.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: is having the ports secure?
In-Reply-To: <NDBBJDFMIMOCFNNCEKADAEBDCJAA.gill@topsecret.net>
Message-ID: <Pine.SC5.4.10.9907151648150.5775-100000@kiwi.pinnacle.co.nz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 14 Jul 1999, James Gill wrote:

> 
> Hi..
> 
> If i'm trying to make a secure installation (for example a firewall box)
> that will run only a finite set of services (NAT, firewalling, DNS, and not
> very much else), wouldn't it be better (more secure) to not install the
> whole ports collection but only the specific ports for the services I want?

Yup. And the quick way to do this is to set up rc.conf *NOT* to run inetd.

Jonathan Chen
----------------------------------------------------------------------
                                        "Nyuck, nyuck, nyuck!" - Curly



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message