From owner-freebsd-current@FreeBSD.ORG  Wed May 23 07:04:24 2007
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: freebsd-current@freebsd.org
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 7B77016A41F
	for <freebsd-current@freebsd.org>; Wed, 23 May 2007 07:04:24 +0000 (UTC)
	(envelope-from danny@cs.huji.ac.il)
Received: from cs1.cs.huji.ac.il (cs1.cs.huji.ac.il [132.65.16.10])
	by mx1.freebsd.org (Postfix) with ESMTP id 35BC413C45B
	for <freebsd-current@freebsd.org>; Wed, 23 May 2007 07:04:23 +0000 (UTC)
	(envelope-from danny@cs.huji.ac.il)
Received: from pampa.cs.huji.ac.il ([132.65.80.32])
	by cs1.cs.huji.ac.il with esmtp
	id 1HqktN-000Jpv-2p; Wed, 23 May 2007 10:04:17 +0300
X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.2
To: "Jack Vogel" <jfvogel@gmail.com>
In-reply-to: Your message of Tue, 22 May 2007 09:38:29 -0700 .
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Date: Wed, 23 May 2007 10:04:16 +0300
From: Danny Braniss <danny@cs.huji.ac.il>
Message-ID: <E1HqktN-000Jpv-2p@cs1.cs.huji.ac.il>
Cc: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@des.no>,
	Ian FREISLICH <ianf@clue.co.za>, freebsd-current@freebsd.org
Subject: Re: em0 hijacking traffic to port 623 
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2007 07:04:24 -0000

> On 5/22/07, Dag-Erling Sm=F8rgrav <des=40des.no> wrote:
> > Ian FREISLICH <ianf=40clue.co.za> writes:
> > > No, it's a March 6 current.  How safe is it to just update the
> > > sys/dev/em directory and recompile?  Quite a lot has changed in
> > > CURRENT since then and I don't want to update everything on these
> > > servers just yet.
> >
> > Quick workaround: configure inetd to listen to port 623 so rpcbind
> > won't assign these ports to the NFS server.  Something like this:
> >
> > asf-rmcp dgram  udp     nowait  root    /bin/false              false=

> > asf-rmcp stream tcp     nowait  root    /bin/false              false=

> > You dont have to do anything this crude btw, there is an setting
> in rc.conf I believe to control the range, I'm rusty on the details
> right now, I discovered this while working this same issue with
> Yahoo, but its been 6 months or more since.
>=20

in loader.conf:
net.inet.ip.portrange.lowlast=3D=22665=22

danny

> Jack