From owner-freebsd-hackers Fri May 24 9:58:55 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from damnhippie.dyndns.org (12-253-177-2.client.attbi.com [12.253.177.2]) by hub.freebsd.org (Postfix) with ESMTP id CB7EF37B408 for ; Fri, 24 May 2002 09:58:50 -0700 (PDT)
Received: from [172.22.42.2] (peace.hippie.lan [172.22.42.2]) by damnhippie.dyndns.org (8.12.3/8.12.3) with ESMTP id g4OGwo6r077882 for ; Fri, 24 May 2002 10:58:50 -0600 (MDT) (envelope-from freebsd@damnhippie.dyndns.org)
User-Agent: Microsoft Outlook Express Macintosh Edition - 5.01 (1630)
Date: Fri, 24 May 2002 10:58:58 -0600
Subject: portmap, rpcbind, and open PRs
From: Ian
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

There are two open PRs relating to portmap (in 4.x) not allowing you to specify on the command line that it should bind only to the localhost interface (bin/30235, bin/34919). Of the two, I think the patch included with 30235 is the cleaner solution.

However, it appears that -CURRENT doesn't use portmap at all; it uses rpcbind, which doesn't have any config options for binding only to given IP addresses. (I think that's a serious deficiency, personally.) I guess the new way of things is to use tcpwrappers or firewall rules to protect rpcbind.

If there's mileage in fixing portmap for the remaining lifetime of FreeBSD 4.x, then I'd recommend applying the patch in PR 30235 and closing the other PR. (I guess this should be done after the 4.6 release.) If there's no point in fixing it at this late date, both PRs should probably be closed.

-- Ian