NetBSD-Users archive
Re: access control for mountd, statd, and lockd?
On Feb 8, 2010, at 10:51 AM, Steven Bellovin wrote:
>> Well, yes. Hopefully anyone using NFS has a firewall guarding their
>> Internet connections, so completely unwanted packets from the rest of the
>> 'net should be filtered there.
>
> Precisely what I'm trying to do, which is why I want known port numbers to
> block....
If you're using classic RPC, then that's all ports. [1]
Permit the ones which you decide you need according to the local security
policy; and use stateful rules to permit ephemeral high ports used by outgoing
connections.
Regards,
--
-Chuck
[1]: You might get away with not blocking 49152 - 65535 since I don't believe
portmapper/rpc.portmap/etc will put RPC services into that range.
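An added example, not part of the original message: one way to check a "permit only what you need" policy against what the portmapper has actually registered, by parsing `rpcinfo -p` output. The sample output, its port numbers, the policy set and the function names are all constructed for illustration.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "program version proto port service")

# Constructed sample of `rpcinfo -p` output; the port numbers are illustrative only.
SAMPLE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   udp   1011  mountd
    100005    3   tcp   1012  mountd
    100024    1   udp   1009  status
    100021    4   udp   1008  nlockmgr
"""

def parse_rpcinfo(text):
    """Parse `rpcinfo -p` output into Entry tuples, skipping header and blank lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        program, version, proto, port = fields[:4]
        # The service-name column is absent for programs rpcinfo cannot name.
        service = fields[4] if len(fields) > 4 else "unknown"
        entries.append(Entry(int(program), int(version), proto, int(port), service))
    return entries

def audit(entries, permitted):
    """Split registered (proto, port) pairs by whether the policy permits them.

    `permitted` is the set of (proto, port) pairs the firewall passes inbound
    (an assumption of this example); everything else hits the default block rule.
    """
    allowed, blocked = {}, {}
    for e in entries:
        bucket = allowed if (e.proto, e.port) in permitted else blocked
        bucket.setdefault((e.proto, e.port), set()).add(e.service)
    return allowed, blocked

if __name__ == "__main__":
    policy = {("tcp", 111), ("udp", 111), ("tcp", 2049), ("udp", 2049)}
    allowed, blocked = audit(parse_rpcinfo(SAMPLE), policy)
    for (proto, port), names in sorted(blocked.items()):
        print(f"blocked by default rule: {port}/{proto} ({', '.join(sorted(names))})")
```

Run it against live `rpcinfo -p` output after each reboot or daemon restart, since dynamically assigned RPC ports can change between runs.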