Date: Fri, 27 Jul 2001 19:53:08 +0300
From: Peter Pentchev <roam@orbitel.bg>
To: gdef@polychrome.durny.com
Cc: freebsd-security@FreeBSD.org
Subject: Re: RPC opens ports on all aliases
Message-ID: <20010727195308.D1105@ringworld.oblivion.bg>
In-Reply-To: <Pine.LNX.4.33.0107271828410.6684-100000@polychrome.durny.com>; from gdef@polychrome.durny.com on Fri, Jul 27, 2001 at 06:29:27PM +0200
References: <Pine.LNX.4.33.0107271828410.6684-100000@polychrome.durny.com>

On Fri, Jul 27, 2001 at 06:29:27PM +0200, gdef@polychrome.durny.com wrote:
>
> Hi,
>
> Is there any possibility to make RPC services open TCP ports only on a
> specified IP address? I modified the portmap source to open TCP port 111 only
> on a given IP. But services, e.g. nfs, still open ports on all IPs.
>
> Any solution?

Yes; provide the necessary command-line options to the various servers.
For example, the nfsd(8) manual page documents a -h option, which
specifies an IP address to bind to. The portmap(8) manual page also
documents an -h option.

You can pass command-line options to the servers on startup by adding
the corresponding variable definitions in your /etc/rc.conf file.
You can see all the available variables by either reading the rc.conf(5)
manual page, or looking through the /etc/defaults/rc.conf file.
DO NOT modify the /etc/defaults/rc.conf file! Simply reassign
the variables you need in /etc/rc.conf.

For portmap(8) and nfsd(8), the appropriate variables are portmap_flags
and nfs_server_flags.

G'luck,
Peter

-- 
If this sentence didn't exist, somebody would have invented it.
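
Added example, not part of the original message: a check that the -h settings took effect, by flagging listeners of the named daemons that are still bound to the wildcard or to another address. It assumes the column layout of FreeBSD `sockstat -4l`; the address 192.0.2.10, the sample output and the function names find_unbound and count_unbound are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag listening sockets of selected daemons that are not
# bound to the single address they were given with -h.
# Assumed input format: FreeBSD `sockstat -4l` columns
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Constructed sample output (not captured from a real host).
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
daemon   portmap    290   4  udp4   *:111                 *:*
daemon   portmap    290   5  tcp4   192.0.2.10:111        *:*
root     nfsd       312   3  tcp4   *:2049                *:*
root     nfsd       312   4  udp4   192.0.2.10:2049       *:*
root     sshd       401   3  tcp4   *:22                  *:*'

# find_unbound ALLOWED_IP "cmd1 cmd2 ..."   (sockstat output on stdin)
# Prints "command proto local-address" for every listener of the named
# commands whose local address is not ALLOWED_IP (wildcard included).
find_unbound() {
    awk -v ip="$1" -v cmds="$2" '
        BEGIN { n = split(cmds, c, " "); for (i = 1; i <= n; i++) want[c[i]] = 1 }
        NR == 1 && $1 == "USER" { next }      # skip the header line
        ($2 in want) {
            addr = $6
            sub(/:[^:]*$/, "", addr)          # strip the port
            if (addr != ip) print $2, $5, $6
        }'
}

# count_unbound: same arguments, prints only the number of offending sockets.
count_unbound() {
    find_unbound "$1" "$2" | wc -l | tr -d ' '
}

# On a live FreeBSD host: sockstat -4l | find_unbound 192.0.2.10 "portmap nfsd"
printf '%s\n' "$SAMPLE_SOCKSTAT" | find_unbound 192.0.2.10 "portmap nfsd"
```

An empty result means every listed daemon listens only on the intended address; any line printed names a socket whose flags in /etc/rc.conf still need attention.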