From owner-freebsd-security Fri Jul 27 9:54: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.39])
    by hub.freebsd.org (Postfix) with SMTP id 3D42E37B401
    for ; Fri, 27 Jul 2001 09:54:05 -0700 (PDT)
    (envelope-from roam@orbitel.bg)
Received: (qmail 8920 invoked by uid 1000); 27 Jul 2001 16:53:08 -0000
Date: Fri, 27 Jul 2001 19:53:08 +0300
From: Peter Pentchev
To: gdef@polychrome.durny.com
Cc: freebsd-security@FreeBSD.org
Subject: Re: RPC opens ports on all aliases
Message-ID: <20010727195308.D1105@ringworld.oblivion.bg>
Mail-Followup-To: gdef@polychrome.durny.com, freebsd-security@FreeBSD.org
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from gdef@polychrome.durny.com on Fri, Jul 27, 2001 at 06:29:27PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Fri, Jul 27, 2001 at 06:29:27PM +0200, gdef@polychrome.durny.com wrote:
>
> Hi,
>
> Is there any possibility to make RPC services to open tcp ports only on
> specified IP address? I modified portmap source to open TCP port 111 only
> on given IP. But services eg nfs still open ports on all ip.
>
> Any solution?

Yes; provide the necessary command-line options to the various servers.
For example, the nfsd(8) manual page documents a -h option, which specifies
an IP address to bind to. The portmap(8) manual page also documents
an -h option.

You can pass command-line options to the servers on startup by adding
the corresponding variable definitions in your /etc/rc.conf file.
You can see all the available variables by either reading the rc.conf(5)
manual page, or looking through the /etc/defaults/rc.conf file.
DO NOT modify the /etc/defaults/rc.conf file! Simply reassign
the variables you need in /etc/rc.conf.
For portmap(8) and nfsd(8), the appropriate variables are portmap_flags
and nfs_server_flags.

G'luck,
Peter

--
If this sentence didn't exist, somebody would have invented it.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
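
A check for the advice in the reply above, as an added example that is not part of the original message: this sh script reads an rc.conf-style file and reports whether portmap_flags and nfs_server_flags include a -h address. The function names, the sample file contents and the 192.0.2.10 address are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original message): report whether
# portmap_flags and nfs_server_flags in an rc.conf-style file carry -h.

# Print the value of the last assignment to variable $1 in file $2.
rc_value() {
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"#]*\).*/\1/p" "$2" | tail -n 1
}

# Print each address given with -h in the flag string $1, one per line.
bind_addrs() {
    set -- $1                       # split the flag string into words
    while [ $# -gt 0 ]; do
        case $1 in
            -h)   if [ $# -ge 2 ]; then echo "$2"; shift; fi ;;
            -h?*) echo "${1#-h}" ;;
        esac
        shift
    done
}

# Check both variables in file $1; return how many have no -h address.
check_rpc_binds() {
    missing=0
    for var in portmap_flags nfs_server_flags; do
        addrs=$(bind_addrs "$(rc_value "$var" "$1")" | tr '\n' ' ')
        if [ -n "$addrs" ]; then
            echo "$var: -h ${addrs% }"
        else
            echo "$var: no -h address set"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample rc.conf (192.0.2.10 is a documentation address).
sample=$(mktemp)
cat > "$sample" <<'EOF'
portmap_enable="YES"
portmap_flags="-h 192.0.2.10"
nfs_server_enable="YES"
nfs_server_flags="-u -t -n 4"
EOF
check_rpc_binds "$sample" || echo "variables without -h: $?"
rm -f "$sample"
```

On a real host, call `check_rpc_binds /etc/rc.conf`; a variable that is reported without -h has not been given a bind address there.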