The second patch below allows outsiders to connect to your AUTH port (113).
I found that allowing this will cut down a lot on the number of pointless
"Deny" log messages you will get if you don't have this, because a *lot*
of things out in the real world (most notably Sendmail) _will_ try to
connect to your local auth port whenever you connect out to them.
Or you can simply ignore them completely w/out logging them, since AUTH
is a useless protocol, and you really shouldn't have a real AUTH daemon
running on your box in any case.
On this topic also consider the "dummy" AUTH server in inetd...
Someone (you?) posted one to the mailing list, and/or modified inetd to
use a dummy one. I'd have to go look in the archives.
However, I haven't had an auth server running on my box for over 3
years, and it hasn't appeared to have hurt anything. :)
I can wait the extra 2-3 seconds for the auth server to timeout to get
my email. :)
To Unsubscribe: send mail to majo...@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message