<snip>....blah blah...<snap> he'd better do man syslogd... but assume this: - no pf for udp/514. - a DOS or DDOS to this OPEN port. - syslogd running just in "send mode". - and finally: no remote syslogging configured because of only 1 box here.
will it take more ressources to handle this with an open port compared to a closed one or not? i guess yes. and for security, i guess a closed port is still better, than an application reading all packets and discarding them... question: what about 1 more argv to have syslogd not to bind udp/514 at all? br, mdff...
