portmap by default (Re: my debian does not read my own iptables script)
On Sat, 2009-01-31 at 02:41 +0100, Ansgar Wiechers wrote:
> There seems to be a misunderstanding about the nature of ports here.
> Ports don't magically turn "open", because you don't filter them on the
> firewall. A port is only in the state "open" if some daemon has a
> listening socket bound to it. For instance, port 111/tcp on your machine
> is probably open, because you're running the portmap daemon.
> Besides, why is your firewall running port-mapper, identd and print
> spooler anyway? A firewall is a security device and should be running as
> few services as possible. I also strongly recommend running a custom
> (stripped-down) kernel.
This reminds me of a question I forgot to ask somewhere else: why is
portmap installed (and enabled!) by default? I just installed a fresh
lenny, with the web server task, and portmap was installed and enabled
by default. I believe nfs-common was also pulled together, and none was
called for during the install procedure. IMHO it's a very dangerous