I have run an OBSD firewall for years and run nothing on it...the only listening port is 22 on one of the internal interfaces. You don't need identd or any of that crap on a firewall...it's forwarding or blocking packets only. -- ~Allie D.
On Wed, December 5, 2007 10:58, Andreas Maus wrote: > On Wed, Dec 05, 2007 at 11:49:07AM -0500, Chris Smith wrote: >> Hello, >> >> When using OpenBSD only as a NAT router / Firewall with all of the >> services in inetd.conf commented out is there any need to enable inetd? > Hi Chris. > > The only service that should (or could,depends on your point of view) > be allowed from the internet is IMHO the identd service. > > Blocking this service may cause some delay because some mailers and > irc servers are checking for this service. > > OTOH it may be considered as a security risc to give strangers valid > usernames. (If you need inetd requests from the outside and dont want > to give them valid usernames you can install a other identd, e.g. > oidentd or just a fakeidentd to return an arbitrary username) > >> I believe it's no longer necessary for ftp-proxy and want to make sure >> I'm not missing anything. > I don't run ftp-proxy so I don't know about this, sorry. > > HTH, > > Andreas > > -- > Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of > an 8-bit operating system written for a 4-bit processor by a 2-bit > company who cannot stand 1 bit of competition.
