Date: Thu, 08 Mar 2001 13:12:41 -0600
From: Christopher Schulte <christopher@schulte.org>
To: Brooks Davis <brooks@one-eyed-alien.net>, "oldfart@gtonet" <oldfart@gtonet.net>
Cc: security@FreeBSD.ORG
Subject: Re: strange messages
Message-ID: <5.0.2.1.0.20010308130833.00adec88@pop.schulte.org>
In-Reply-To: <20010308103500.C13090@Odin.AC.HMC.Edu>
References: <BIEHKEFNHFMMJEKCDMLNAEBHCGAA.oldfart@gtonet.net> <20010308100755.A13090@Odin.AC.HMC.Edu> <BIEHKEFNHFMMJEKCDMLNAEBHCGAA.oldfart@gtonet.net>
At 10:35 AM 3/8/2001 -0800, Brooks Davis wrote:
>but the ports RPC services bind to are the same ones your outbound
>TCP connections are bound to so you'll need stateful firewalling
>to make it work.

You can convince the kernel to use a more user-defined port range(s) for dynamic outbound connections with a few sysctl vars, thus making firewall confs a bit easier to craft and maintain:

`sysctl -a | grep portrange`

>You can force NFS to use only its reserved port
>(see /etc/defaults/rc.conf), but generally you can't dictate where RPC
>services bind. Your best bet is to disable rpc.statd unless you are
>actually using it.

It's always a good idea to turn a service off if you're not using it. ;p

>-- Brooks
>
>--
>Any statement of the form "X is the one, true Y" is FALSE.
>PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
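
Added example, not part of the original message: a small sh check that reads the portrange values and reports which listeners sit inside a given range, which is the overlap Brooks describes between RPC services and outbound ports. The sysctl values, the "proto port command" listener format and the `exampled` service are constructed for illustration.

```sh
#!/bin/sh
# Added example: list listeners bound inside one of the kernel's port ranges,
# i.e. the services a stateless "allow replies to this range" rule would expose.

# Constructed sample of `sysctl -a | grep portrange` output ("name: value").
SAMPLE_SYSCTL='net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535'

# Constructed listener list, one "proto port command" per line. This format is
# hypothetical (reduced by hand from socket listings); "exampled" is made up.
SAMPLE_LISTENERS='tcp 22 sshd
udp 111 portmap
udp 1011 rpc.statd
tcp 1022 rpc.statd
tcp 2049 nfsd
tcp 3000 exampled'

# portrange_get NAME: read sysctl-style text on stdin and print the value of
# net.inet.ip.portrange.NAME (exact key match, so "first" != "lowfirst").
portrange_get() {
    awk -F': *' -v key="net.inet.ip.portrange.$1" '$1 == key { print $2; exit }'
}

# listeners_in_range A B: read the listener list on stdin and print entries
# whose port lies between A and B inclusive. The bounds may come in either
# order, because the low range is stored descending (lowfirst > lowlast).
listeners_in_range() {
    awk -v a="$1" -v b="$2" '
        BEGIN { lo = (a+0 < b+0) ? a+0 : b+0; hi = (a+0 < b+0) ? b+0 : a+0 }
        $2+0 >= lo && $2+0 <= hi { print $1 "/" $2 " " $3 }'
}

first=$(printf '%s\n' "$SAMPLE_SYSCTL" | portrange_get first)
last=$(printf '%s\n' "$SAMPLE_SYSCTL" | portrange_get last)
echo "listeners inside dynamic range $first-$last:"
printf '%s\n' "$SAMPLE_LISTENERS" | listeners_in_range "$first" "$last"
```

On a live host, feed the functions real `sysctl` output and a listener list reduced to the same three columns in place of the constructed samples.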