Thread: Test server
#3
2nd August 2012
barti
Shell Scout
 
Join Date: Jul 2012
Posts: 122

http://serverfault.com/questions/220...t-installation


accepted Daytime and Time and what I would consider "legacy" protocols. My guess is they are included in the default configuration for traditional UNIX-style completeness. They are started by inetd, and unless you need these services (you probably don't if you have to ask) you can disable them by commenting out the relevant lines in your /etc/inetd.conf (see man page).
Code:
#ident           stream  tcp     nowait  _identd /usr/libexec/identd     identd -el
#ident           stream  tcp6    nowait  _identd /usr/libexec/identd     identd -el
#daytime        stream  tcp     nowait  root    internal
#daytime        stream  tcp6    nowait  root    internal
#time           stream  tcp     nowait  root    internal
#time           stream  tcp6    nowait  root    internal
kill -HUP `cat /var/run/inetd.pid`


============================================


Given that pf is enabled by default you can make your pf.conf use the default deny method. Assume your interface is fxp0; this is a good starting rule set.
Code:
set skip on lo0                      # no filtering on loopback

# default deny in both directions on the external interface
block in  on fxp0
block out on fxp0

# let outbound traffic through and keep state so the replies get back in
pass out on fxp0 proto { tcp, udp, icmp } from any to any modulate state

# only ssh and http may come in, and only to fxp0's own address(es)
pass in on fxp0 proto tcp from any to (fxp0) port { 22 80 }

Last edited by ocicat; 2nd August 2012 at 05:11 PM. Reason: Please use [code] & [/code] tags when posting command output!
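As an added example (not from barti's post or the serverfault answer it quotes), this POSIX shell script rehearses the inetd half of the advice on a copy of the configuration: it comments out the legacy services, lists what inetd would still start, and keeps the HUP in a separate function so nothing is signalled until the edited file has been reviewed. The sample inetd.conf contents, the temporary paths and the function names are constructed; reload_inetd reads /var/run/inetd.pid exactly as the quoted kill -HUP line does.

```shell
#!/bin/sh
# Added example, not from the original post or the quoted serverfault answer.
# Edits a COPY of inetd.conf: disable legacy services, show what is left,
# and only then (by hand) make inetd reread the file.  File names and the
# sample contents below are constructed.

# make_sample_inetd_conf FILE: write a constructed inetd.conf into FILE.
make_sample_inetd_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real /etc/inetd.conf
ident           stream  tcp     nowait  _identd /usr/libexec/identd     identd -el
ident           stream  tcp6    nowait  _identd /usr/libexec/identd     identd -el
daytime         stream  tcp     nowait  root    internal
daytime         stream  tcp6    nowait  root    internal
time            stream  tcp     nowait  root    internal
time            stream  tcp6    nowait  root    internal
127.0.0.1:comsat dgram  udp     wait    root    /usr/libexec/comsat     comsat
EOF
}

# disable_services FILE SERVICE...: put a '#' in front of every active line
# whose first field is exactly SERVICE.  Anchoring on the following blank
# keeps "time" from also matching "daytime".
disable_services() {
    _file=$1; shift
    for _svc in "$@"; do
        sed "s/^\(${_svc}[[:space:]]\)/#\1/" "$_file" > "$_file.tmp" &&
            mv "$_file.tmp" "$_file"
    done
}

# enabled_services FILE: first field of every line that is neither blank nor
# a comment, i.e. the services inetd would still start from FILE.
enabled_services() {
    awk '!/^[[:space:]]*#/ && NF { print $1 }' "$1"
}

# reload_inetd: make the running inetd reread /etc/inetd.conf.  Not called
# below, because this demo only edits a copy.
reload_inetd() {
    kill -HUP "$(cat /var/run/inetd.pid)"
}

# Demo on a throw-away copy.
demo_dir=$(mktemp -d)
demo_conf="$demo_dir/inetd.conf"
make_sample_inetd_conf "$demo_conf"
disable_services "$demo_conf" ident daytime time
echo "services still enabled in $demo_conf:"
enabled_services "$demo_conf"
```

Run it against a copy of the real file first and diff the result, then apply the same edit to /etc/inetd.conf and call reload_inetd. The pf half of the post is checked separately: pfctl -nf /etc/pf.conf parses a ruleset without loading it, which catches syntax slips before a default-deny policy goes live.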