Subject: Binding RPC services to specific ports
To: None <tech-security@NetBSD.org>
From: Luke Mewburn <lukem@NetBSD.org>
Date: 07/18/2005 13:21:48
Content-Type: text/plain; charset=us-ascii

A feature that I've often desired is the ability to force
specific RPC services to be bound to specific TCP/IP ports.
I'd prefer a generic solution to this rather than hacking
each rpc daemon to support a "hardcode this port".

I did a little bit of research and found that IRIX 6.5.20
added /etc/rpcports -- as documented in their rpcports(4) at:

The syntax of IRIX's /etc/rpcports is each line is
        program transport port access
(or empty or a comment line starting with '#')

        program         RPC program number (see rpc(4)), or the
                        capitalized keyword ANY.
                        [NetBSD uses rpc(5)]

        transport       Transport name, either udp or tcp.
                        [NetBSD also supports udp6/tcp6 ?]

        port            Port, or port range expressed as a pair of
                        ports separated only by a ``-'' character,
                        without any space or tab characters.
                        A port is specified numerically.
                        [Couldn't we support port names here?]

        access          Whether the port or port range is available,
                        either ``allow'' or ``deny''.

Do people know of other prior art in this area?
Comments about adding this style of functionality to NetBSD?
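
The /etc/rpcports line syntax described in the message above, as an added example (not code from IRIX, NetBSD or the original post): a strict C parser for one line that rejects anything outside the four-field form. The names rpcport_rule, parse_num and rpcports_parse_line are hypothetical; it assumes ports are 1-65535, accepts only udp and tcp as in the IRIX description, and also treats a '#' preceded by whitespace as a comment.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct rpcport_rule {          /* hypothetical type, not from IRIX or NetBSD */
    int any_prog;              /* 1 if the program field was ANY */
    unsigned long long prog;   /* RPC program number otherwise */
    char transport[4];         /* "udp" or "tcp" */
    unsigned long long lo, hi; /* inclusive port range */
    int allow;                 /* 1 = allow, 0 = deny */
};

/* All-digit number <= max; tokens are <= 15 chars, so strtoull cannot overflow. */
static int parse_num(const char *s, char **end, unsigned long long max,
                     unsigned long long *out)
{
    if (*s < '0' || *s > '9')  /* strtoull alone would accept "-1" or " 1" */
        return -1;
    *out = strtoull(s, end, 10);
    return *out > max ? -1 : 0;
}

/* Returns 1 = rule stored in *r, 0 = blank or comment line, -1 = malformed. */
int rpcports_parse_line(const char *line, struct rpcport_rule *r)
{
    char prog[16], tr[8], port[16], acc[8], extra[2], *end;
    line += strspn(line, " \t\r\n");
    if (*line == '\0' || *line == '#')
        return 0;
    /* Exactly four whitespace-separated fields; a fifth token is an error. */
    if (sscanf(line, "%15s %7s %15s %7s %1s", prog, tr, port, acc, extra) != 4)
        return -1;
    memset(r, 0, sizeof(*r));
    r->any_prog = (strcmp(prog, "ANY") == 0);
    if (!r->any_prog &&
        (parse_num(prog, &end, 0xffffffffULL, &r->prog) != 0 || *end != '\0'))
        return -1;
    if (strcmp(tr, "udp") != 0 && strcmp(tr, "tcp") != 0)
        return -1;
    strcpy(r->transport, tr);
    if (parse_num(port, &end, 65535, &r->lo) != 0)
        return -1;
    r->hi = r->lo;             /* single port unless "lo-hi" follows */
    if ((*end == '-' && parse_num(end + 1, &end, 65535, &r->hi) != 0) ||
        *end != '\0' || r->lo == 0 || r->lo > r->hi)
        return -1;
    r->allow = (strcmp(acc, "allow") == 0);
    return (r->allow || strcmp(acc, "deny") == 0) ? 1 : -1;
}
```

A caller that reads the file with fgets() should treat a -1 return as a configuration error and refuse the file, so that a mistyped deny line is never silently skipped.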