On Fri 25 Sep 2020 at 17:21:03 +0100, Tixy wrote: > On Fri, 2020-09-25 at 18:07 +0300, Andrei POPESCU wrote: > > On Vi, 25 sep 20, 10:23:43, Michael Stone wrote: > > > On Fri, Sep 25, 2020 at 09:01:26AM -0400, Gene Heskett wrote: > > > > > [...] > > > > such a setup in a router running dd-wrt. In nearly 2 decades, no one has > > > > come into my systems from the internet that I didn't give the > > > > credentials to do so. > > > > > > You post this all the time, but it's irrelevant at best and misleading at > > > worst. On a default debian system these days an external firewall is > > > basically a noop because there are no services listening. > > > > Well, besides exim (still installed by default as far as I know), CUPS > > (probably pulled by most DEs) > > On my lamptop exim and cups are only listening on address 127.0.0.1. > The only other listening process is init (systemd) listening on 0.0.0.0 > port 111. Hmm, that's rpcbind, installed by using NFS shares? Good job > I have a firewall between me and the internet ;-) (But seriously, one > thing I hadn't considerer for the very rare time I use public wifi).
An exim4 installation does indeed only listen on localhost: dc_local_interfaces='127.0.0.1 ; ::1' in /etc/exim4/update-exim4.conf.conf. Also, exim4 has Priority: optional and is no longer part of a default installation. The default cupsd.conf has Listen localhost:631 A dd-wrt based router using packet filtering contributes nothing in this situation. -- Brian.
