From owner-freebsd-security Fri Jul 27 10:41:52 2001 Delivered-To: freebsd-security@freebsd.org Received: from cvd.pl (cvd.pl [213.25.82.2]) by hub.freebsd.org (Postfix) with ESMTP id DA30E37B401 for ; Fri, 27 Jul 2001 10:40:36 -0700 (PDT) (envelope-from gdef@cvd.pl) Received: by cvd.pl (Postfix, from userid 1005) id 887D213FB21; Fri, 27 Jul 2001 19:42:10 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by cvd.pl (Postfix) with ESMTP id 75F2EF6127; Fri, 27 Jul 2001 19:42:10 +0200 (CEST) Date: Fri, 27 Jul 2001 19:42:10 +0200 (CEST) From: "Janusz Mucka (Defacto)" To: Peter Pentchev Cc: , Subject: Re: RPC opens ports on all aliases In-Reply-To: <20010727195308.D1105@ringworld.oblivion.bg> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Yes, I know about that. portmap_flags="-h 10.10.10.1" nfs_server_enable="YES" nfs_server_flags="-u -n 1 -h 10.10.10.1" No effect. There are still open TCP ports on all aliases Defio > Yes; provide the necessary command-line options to the various servers. > For example, the nfsd(8) manual page documents a -h option, which > specifies an IP address to bind to. The portmap(8) manual page also > documents an -h option. > > You can pass command-line options to the servers on startup by > adding the corresponding variable definitions in your /etc/rc.conf file. > You can see all the available variables by either reading the rc.conf(5) > manual page, or looking through the /etc/defaults/rc.conf file. > > DO NOT modify the /etc/defaults/rc.conf file! Simply reassign > the variables you need in /etc/rc.conf. > > For portmap(8) and nfsd(8), the appropriate variables are > portmap_flags and nfs_server_flags. > > G'luck, > Peter > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message