From: Vivek Khera
Date: Wed, 4 Jan 2006 15:44:00 -0500
To: stable@FreeBSD.org
Subject: Re: rpcbind lingering on IP no longer specified on command line

On Jan 4, 2006, at 2:41 PM, Doug Barton wrote:

> What does 'sockstat | grep rpcbind' tell you?

# sockstat | grep rpcbind
root     rpcbind    11382 5  stream /var/run/rpcbind.sock
root     rpcbind    11382 6  dgram  -> /var/run/logpriv
root     rpcbind    11382 7  udp4   127.0.0.1:111         *:*
root     rpcbind    11382 8  udp4   192.168.100.200:111   *:*
root     rpcbind    11382 9  udp4   *:664                 *:*
root     rpcbind    11382 10 tcp4   *:111                 *:*

As Dmitry Morozovsky points out, it seems it always listens to tcp *:111, which seems to be a bad thing. I'm running 6.0-RELEASE-p1.

This came up because of some security scans we're having run for some compliance certificates we need... Can anyone explain why rpcbind will still bind to all tcp interfaces?
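
Added example, not part of the original message: a small shell check that reads sockstat output and reports every inet socket of a daemon whose local address is not on an expected bind list, which is the condition the scan flagged here. The function names, the embedded sample (copied from the output quoted above) and the allow-list in the final call are assumptions for illustration; the message does not say which addresses were passed to rpcbind.

```shell
#!/bin/sh
# unexpected_binds CMD [ADDR...]
# Reads sockstat(1)-style lines on stdin (USER COMMAND PID FD PROTO LOCAL FOREIGN)
# and prints "PROTO LOCAL" for each tcp/udp socket owned by CMD whose local
# address is not one of the ADDR arguments. A wildcard bind shows up as "*".
unexpected_binds() {
    cmd=$1
    shift
    awk -v cmd="$cmd" -v allowed="$*" '
        BEGIN {
            # Build the set of addresses the daemon is expected to bind to.
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Only inet sockets (tcp4, udp4, tcp6, udp6, tcp46); unix-domain
        # stream/dgram sockets are not reachable over the network.
        $2 == cmd && $5 ~ /^(tcp|udp)[46]*$/ {
            addr = $6
            sub(/:[^:]*$/, "", addr)      # strip the trailing :port
            if (!(addr in ok)) print $5, $6
        }
    '
}

# Sample input: the sockstat lines quoted in the message above.
sample_sockstat() {
    cat <<'EOF'
root rpcbind 11382 5 stream /var/run/rpcbind.sock
root rpcbind 11382 6 dgram -> /var/run/logpriv
root rpcbind 11382 7 udp4 127.0.0.1:111 *:*
root rpcbind 11382 8 udp4 192.168.100.200:111 *:*
root rpcbind 11382 9 udp4 *:664 *:*
root rpcbind 11382 10 tcp4 *:111 *:*
EOF
}

# Assumed allow-list for illustration; on a live host use:
#   sockstat | unexpected_binds rpcbind <expected addresses>
sample_sockstat | unexpected_binds rpcbind 127.0.0.1 192.168.100.200
```

With that allow-list the check reports the two wildcard sockets, `udp4 *:664` and `tcp4 *:111`; any output at all means the daemon is listening somewhere it was not expected to.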