http://serverfault.com/questions/220...t-installation
accepted Daytime and Time and what I would consider "legacy" protocols. My guess is they are included in the default configuration for traditional UNIX-style completeness. They are started by inetd, and unless you need these services (you probably don't if you have to ask) you can disable them by commenting out the relevant lines in your /etc/inetd.conf (see man page).
Code:
# /etc/inetd.conf: a leading '#' disables the entry
#ident stream tcp nowait _identd /usr/libexec/identd identd -el
#ident stream tcp6 nowait _identd /usr/libexec/identd identd -el
#daytime stream tcp nowait root internal
#daytime stream tcp6 nowait root internal
#time stream tcp nowait root internal
#time stream tcp6 nowait root internal
# then make inetd re-read its configuration:
kill -HUP `cat /var/run/inetd.pid`
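To check which inetd entries are actually active before and after editing, here is an added example (not from the quoted answer) of a small POSIX sh audit script. It assumes only awk; the sample inetd.conf it writes to a temp file is constructed for the demonstration, and the function names are my own.

```sh
#!/bin/sh
# Added example, not code from the quoted answer.
# Audits an inetd.conf for active (uncommented) service entries and can
# comment out a named service, writing the result to stdout.

# Print the service name (first field) of every active entry.
# inetd ignores blank lines and lines whose first non-blank character is '#'.
enabled_inetd_services() {
    awk '
        /^[ \t]*#/ { next }   # comment line
        /^[ \t]*$/ { next }   # blank line
        { print $1 }
    ' "$1"
}

# Comment out every active entry whose service field matches $1 in file $2
# (covers both the tcp and tcp6 lines). Output goes to stdout so the caller
# can review it before replacing the real file.
disable_inetd_service() {
    awk -v svc="$1" '
        $1 == svc { sub(/^[ \t]*/, "&#") }   # prefix the entry with "#"
        { print }
    ' "$2"
}

# Constructed sample file, not a real system's configuration.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# sample inetd.conf (constructed for this example)
ident stream tcp nowait _identd /usr/libexec/identd identd -el
ident stream tcp6 nowait _identd /usr/libexec/identd identd -el
daytime stream tcp nowait root internal
#time stream tcp nowait root internal
EOF

echo "Enabled services before:"
enabled_inetd_services "$SAMPLE" | sort -u

disable_inetd_service daytime "$SAMPLE" > "$SAMPLE.new"
echo "Enabled services after disabling daytime:"
enabled_inetd_services "$SAMPLE.new" | sort -u
rm -f "$SAMPLE" "$SAMPLE.new"
```

Run it against your real /etc/inetd.conf with `enabled_inetd_services /etc/inetd.conf` to list what inetd will start; after writing the edited file back, signal inetd with the `kill -HUP` shown in the answer so it re-reads the configuration.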
============================================
Given that pf is enabled by default you can make your pf.conf use the default deny method. Assuming your interface is fxp0, this is a good starting rule set.
Code:
# do not filter loopback
set skip on lo0
# default deny in both directions on the external interface
block in on fxp0
block out on fxp0
# allow outbound traffic, keeping state (modulate state only affects TCP sequence numbers)
pass out on fxp0 proto { tcp, udp, icmp } from any to any modulate state
# allow inbound ssh and http to the interface's own address(es)
pass in on fxp0 proto tcp from any to (fxp0) port { 22, 80 }