On Sat, 2009-01-31 at 02:41 +0100, Ansgar Wiechers wrote:
> There seems to be a misunderstanding about the nature of ports here.
> Ports don't magically turn "open", because you don't filter them on the
> firewall. A port is only in the state "open" if some daemon has a
> listening socket bound to it. For instance, port 111/tcp on your machine
> is probably open, because you're running the portmap daemon.
>
> Besides, why is your firewall running port-mapper, identd and print
> spooler anyway? A firewall is a security device and should be running as
> few services as possible. I also strongly recommend running a custom
> (stripped-down) kernel.

These remind me of a question I forgot to ask somewhere else: why is
portmap installed (and enabled!) by default? I just installed a fresh
lenny, with the web server task, and portmap was installed and enabled
by default. I believe nfs-common was also pulled together, and none was
called for during the install procedure. IMHO it's a very dangerous default.

regards
FF
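Added example, not part of the original message: the quoted point that a port is "open" only when a daemon has a listening socket bound to it can be checked on Linux by reading `/proc/net/tcp`, where state `0A` marks a listening socket. The sample table is constructed, and the helper names and the little-endian address layout are assumptions of this sketch.

```python
import socket
import struct

TCP_LISTEN = "0A"  # value of the "st" column for a socket in LISTEN state

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# portmap on 111, a print spooler on loopback 631, a web server on 80,
# plus one established connection that must not be reported as "open".
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4101 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4202 1
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4303 1
   3: 0A00000A:0050 0B00000A:C350 01 00000000:00000000 00:00000000 00000000    33        0 4404 1
"""


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(text):
    """Return (ip, port) pairs for sockets in LISTEN state, sorted by port."""
    found = []
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # blank line, or a socket that is not listening
        found.append(decode_addr(cols[1]))
    return sorted(found, key=lambda a: (a[1], a[0]))


def externally_reachable(socks):
    """Ports bound to a non-loopback address, i.e. reachable unless filtered."""
    return [port for ip, port in socks if not ip.startswith("127.")]


if __name__ == "__main__":
    socks = listening_sockets(SAMPLE)
    for ip, port in socks:
        print(f"LISTEN {ip}:{port}")
    print("non-loopback ports:", externally_reachable(socks))
```

On a live system, pass the contents of `/proc/net/tcp` instead of `SAMPLE`; a service that is stopped or removed disappears from the result regardless of firewall rules.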

