Subject: Binding RPC services to specific ports
To: None <>
From: Luke Mewburn <>
List: tech-security
Date: 07/18/2005 13:21:48

Hi all:

A feature that I've often desired is the ability to force
specific RPC services to be bound to specific TCP/IP ports.

I'd prefer a generic solution to this rather than hacking
each rpc daemon to support a "hardcode this port".

I did a little bit of research and found that IRIX 6.5.20
added /etc/rpcports -- as documented in their rpcports(4) at:

The syntax of IRIX's /etc/rpcports is that each line is
	program  transport  port  access
(or empty or a comment line starting with '#')

Each line:
	program		RPC program number (see rpc(4)), or the
			capitalized keyword ANY.
	    [NetBSD uses rpc(5)]

	transport	Transport name, either udp or tcp.
	    [NetBSD also supports udp6/tcp6 ?]

	port		Port, or port range expressed as a pair of
			ports separated only by a ``-'' character,
			without any space or tab characters.
			A port is specified numerically.
	    [Couldn't we support port names here?]

	access		Whether the port or port range is available,
			either ``allow'' or ``deny''.

Do people know of other prior art in this area?

Comments about adding this style of functionality to NetBSD?
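
A strict parser for the four-field line format quoted above, as an added example; it is not code from the original message, IRIX or NetBSD. The struct and function names are hypothetical, the sample lines in the comments are constructed, and how several rules combine is not described in the message, so only per-line parsing and a per-rule coverage check are shown.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One parsed line: program transport port[-port] access */
struct rpcport_rule {
    int any_program, allow;   /* program field was ANY; access was "allow" */
    unsigned long program;    /* RPC program number (0 when any_program) */
    char transport[4];        /* "udp" or "tcp" */
    unsigned long lo, hi;     /* inclusive port range; lo == hi for one port */
};

/* Parse an all-digit decimal string into *out; reject values above max. */
static int parse_num(const char *s, unsigned long max, unsigned long *out)
{
    char *end;
    if (*s < '0' || *s > '9') return -1;           /* no sign, no empty field */
    unsigned long long v = strtoull(s, &end, 10);  /* overflow gives ULLONG_MAX > max */
    *out = (unsigned long)v;
    return (*end != '\0' || v > max) ? -1 : 0;
}

/* Returns 1 if a rule was parsed, 0 for an empty or '#' line, -1 on error.
 * Constructed sample lines: "100003 tcp 2049 allow", "ANY udp 600-1023 deny". */
int rpcports_parse_line(const char *line, struct rpcport_rule *r)
{
    char prog[32], trans[8], port[32], access[8], extra[2], *dash;
    line += strspn(line, " \t\r\n");
    if (*line == '\0' || *line == '#') return 0;
    if (sscanf(line, "%31s %7s %31s %7s %1s", prog, trans, port, access, extra) != 4)
        return -1;                                 /* too few or too many fields */
    r->any_program = (strcmp(prog, "ANY") == 0);   /* keyword must be capitalized */
    if (parse_num(r->any_program ? "0" : prog, 0xffffffffUL, &r->program)) return -1;
    if (strcmp(trans, "udp") != 0 && strcmp(trans, "tcp") != 0) return -1;
    strcpy(r->transport, trans);                   /* validated: 3 chars + NUL */
    if ((dash = strchr(port, '-')) != NULL) *dash++ = '\0';
    if (parse_num(port, 65535, &r->lo)) return -1;
    if (parse_num(dash ? dash : port, 65535, &r->hi) || r->hi < r->lo) return -1;
    if (strcmp(access, "allow") != 0 && strcmp(access, "deny") != 0) return -1;
    r->allow = (access[0] == 'a');
    return 1;
}

/* 1 if the rule's program, transport and port range cover this request. */
int rpcports_rule_covers(const struct rpcport_rule *r, unsigned long program,
                         const char *transport, unsigned long port)
{
    return (r->any_program || r->program == program) &&
           strcmp(r->transport, transport) == 0 && port >= r->lo && port <= r->hi;
}
```

Port names and the udp6/tcp6 transports raised in the bracketed notes are rejected by this parser, since the quoted format specifies numeric ports and only udp or tcp.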

