From: Gavin Atkinson
To: Vivek Khera
Cc: stable@freebsd.org
Subject: Re: rpcbind lingering on IP no longer specified on command line
Date: Thu, 05 Jan 2006 11:06:45 +0000
Message-Id: <1136459205.11648.4.camel@buffy.york.ac.uk>

On Wed, 2006-01-04 at 15:44 -0500, Vivek Khera wrote:
> On Jan 4, 2006, at 2:41 PM, Doug Barton wrote:
>
> > What does 'sockstat | grep rpcbind' tell you?
>
> # sockstat | grep rpcbind
> root     rpcbind    11382 5  stream /var/run/rpcbind.sock
> root     rpcbind    11382 6  dgram  -> /var/run/logpriv
> root     rpcbind    11382 7  udp4   127.0.0.1:111         *:*
> root     rpcbind    11382 8  udp4   192.168.100.200:111   *:*
> root     rpcbind    11382 9  udp4   *:664                 *:*
> root     rpcbind    11382 10 tcp4   *:111                 *:*
>
> As Dmitry Morozovsky points out, it seems it always listens to
> tcp *:111 which seems to be a bad thing.  I'm running 6.0-RELEASE-p1.
>
> This came up because of some security scans we're having run for some
> compliance certificates we need...
>
> Can anyone explain why rpcbind will still bind to all tcp interfaces?

Although I believe this is a bug, it is actually working as documented:

from rpcbind(8):
     -h bindip
             Specify specific IP addresses to bind to for UDP requests.

Gavin
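
A way to make the check in this thread repeatable, as an added example that is not part of the original message: the functions below read `sockstat` output and report every inet socket a given command holds on the wildcard address. The function names are hypothetical, and the sample input is the sockstat output quoted in the message.

```shell
#!/bin/sh
# Added example: flag inet sockets that a daemon holds on the wildcard
# address, given `sockstat` output on stdin.

# Sample input: the sockstat lines quoted in the message above.
sample_sockstat() {
cat <<'EOF'
root     rpcbind    11382 5  stream /var/run/rpcbind.sock
root     rpcbind    11382 6  dgram  -> /var/run/logpriv
root     rpcbind    11382 7  udp4   127.0.0.1:111         *:*
root     rpcbind    11382 8  udp4   192.168.100.200:111   *:*
root     rpcbind    11382 9  udp4   *:664                 *:*
root     rpcbind    11382 10 tcp4   *:111                 *:*
EOF
}

# wildcard_listeners COMMAND
# Reads sockstat output on stdin; prints "proto port" for every tcp/udp
# socket of COMMAND whose local address is the wildcard (*).
wildcard_listeners() {
    awk -v cmd="$1" '
        $2 == cmd && $5 ~ /^(tcp|udp)(4|6|46)?$/ {
            # The port is whatever follows the last ":" (safe for IPv6 too).
            n = split($6, a, ":")
            port = a[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            if (addr == "*") print $5, port
        }'
}

# check_bind COMMAND: returns 1 and prints a warning per wildcard socket.
check_bind() {
    found=$(wildcard_listeners "$1")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found" | while read -r proto port; do
        echo "WARN: $1 bound to *:$port ($proto)"
    done
    return 1
}

# On a live host: sockstat | check_bind rpcbind
sample_sockstat | check_bind rpcbind || true
```

On the quoted output this reports the `udp4` socket on `*:664` as well as the `tcp4` socket on `*:111` that the thread discusses.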