Even though DNS may not be 'turned on', almost everything TCP/IP related
wants DNS lookups.

sshd, for example, will stall for quite an annoying amount of time trying to do a reverse lookup, unless you don't actually have name servers configured at all.

Also, not syncing the clock makes date stamps in logs almost entirely unreliable.


Dean

Rick Phillips wrote:
Hi Dean,
You most likely want to allow outbound DNS and the subsequent reply.

Keep in mind that blocking outbound usually requires a few more allowances than just the basic service you plan the box to provide.

NTP also springs to mind, so that you can keep the clock in sync.

You can also allow ping requests and limit the rate and packet size, which gives you the niceties of being able to determine some level of connectivity, whilst reducing scope for abuse.

Thanks for the comments, but none of the services you mention are used or
even turned on. It's an unusual situation, I know.

Regards,

Rick

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
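As an added example (not part of the thread above, and not anything Dean or Rick posted), here is a small nftables script that puts the advice in this exchange into a concrete ruleset for a box with a default-drop outbound policy: outbound DNS to named resolvers (the reply comes back through conntrack's established state, so no separate inbound port-53 rule is needed), outbound NTP so log timestamps stay trustworthy, and ICMP echo limited by both packet size and rate. The resolver addresses, the SSH port and the rate/size limits are assumptions chosen for illustration; adjust them before loading. sshd's own reverse lookup, the stall Dean mentions, can be switched off independently with `UseDNS no` in sshd_config.

```shell
#!/bin/sh
# Added example, not from the original mailing-list thread.
# nftables ruleset for a host that blocks outbound traffic by default but
# still needs the "extras" the thread lists: DNS, NTP and limited ICMP echo.
# RESOLVERS and SSH_PORT are assumed placeholders (TEST-NET-1 addresses).
set -eu

RESOLVERS="${RESOLVERS:-192.0.2.53, 192.0.2.54}"   # assumption: replace with real resolvers
SSH_PORT="${SSH_PORT:-22}"                         # assumption: the one service the box offers

# Print the ruleset. Replies to our own DNS/NTP queries and to our outgoing
# pings are matched by the "established,related" rule in the input chain.
ruleset() {
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state invalid drop
        ct state established,related accept
        # IPv6 neighbour discovery must be allowed or v6 stops working
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
        # Inbound echo requests: cap packet size and rate to limit abuse
        icmp type echo-request meta length <= 128 limit rate 5/second burst 10 packets accept
        icmpv6 type echo-request meta length <= 128 limit rate 5/second burst 10 packets accept
        # The one service this box provides
        tcp dport $SSH_PORT ct state new accept
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif lo accept
        ct state established,related accept
        # DNS only to the configured resolvers; TCP as well, for large answers
        ip daddr { $RESOLVERS } udp dport 53 accept
        ip daddr { $RESOLVERS } tcp dport 53 accept
        # NTP so the clock, and therefore log timestamps, stays correct
        udp dport 123 accept
        # Outgoing echo requests so the box can test its own connectivity
        icmp type echo-request accept
        icmpv6 type echo-request accept
    }
}
EOF
}

# Syntax-check the ruleset without loading it (nft -c); returns nft's status.
check() { ruleset | nft -c -f -; }

# Load the ruleset into the kernel (needs root).
apply() { ruleset | nft -f -; }

case "${1:-print}" in
    print) ruleset ;;
    check) check ;;
    apply) apply ;;
    *) echo "usage: $0 [print|check|apply]" >&2; exit 2 ;;
esac
```

Run it with `check` first on a host that has nftables installed, then `apply` as root. Keep an out-of-band way in (console, or a timed `nft flush ruleset`) while testing, since a mistake in the output chain will also cut off the SSH session you are applying it from.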
