From owner-freebsd-audit Thu Mar 23 11:34:23 2000 Delivered-To: freebsd-audit@freebsd.org Received: from cypherpunks.ai (cypherpunks.ai [209.88.68.47]) by hub.freebsd.org (Postfix) with ESMTP id 79D8E37B88E for ; Thu, 23 Mar 2000 11:34:19 -0800 (PST) (envelope-from jeroen@vangelderen.org) Received: from vangelderen.org (intefix.ai [209.88.68.216]) by cypherpunks.ai (Postfix) with ESMTP id 3C15F49; Thu, 23 Mar 2000 15:33:29 -0400 (AST) Message-ID: <38DA70B2.96AF6B6D@vangelderen.org> Date: Thu, 23 Mar 2000 15:29:54 -0400 From: "Jeroen C. van Gelderen" X-Mailer: Mozilla 4.61 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Warner Losh Cc: FreeBSD Audit List Subject: Re: Portmapper enabled, IPv6 circumvents FW References: <38DA6D77.FB93FC36@vangelderen.org> <200003231923.MAA42847@harmony.village.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Warner Losh wrote: > > In message <38DA6D77.FB93FC36@vangelderen.org> "Jeroen C. van Gelderen" writes: > : I'd suggest disabling the portmapper in a default installation > : unless there is a good reason not to. > > Sadly too many people want NFS :-(. It is a big pita to run nfs w/o > portmapper. But why not enable portmapper contingent on NFS being enabled? Not possible? > : Another solution is to add a comment to /etc/inetd.conf because > : that's what people usually edit on new systems (because FreeBSD > : *still* runs ftpd and telnetd by default). > > Agreed. > > : Opinions? > > I've been sent patches that make *ALL* network services off by > default. I'm thinking seriously about committing them to at least > -current and maybe to -stable also. These patches also hack > sysinstall to enable them in /etc/rc.conf so as to not effectively > change our system defaults. Interesting, would this include disabling sendmail by default? (Please say yes.) Cheers, Jeroen -- Jeroen C. van Gelderen - jeroen@vangelderen.org Kick-ass crypto for you: http://www.cryptix.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message