Subject: Re: Binding RPC services to specific ports
To: Luke Mewburn <lukem@NetBSD.org>
From: Jason Thorpe <thorpej@shagadelic.org>
List: tech-security
Date: 07/18/2005 08:48:33

On Jul 17, 2005, at 8:21 PM, Luke Mewburn wrote:

> The syntax of IRIX's /etc/rpcports is that each line is
>     program  transport  port  access
> (or empty or a comment line starting with '#')

I think /etc/rpcports is great.  But I would ask that you please make  
it nsswitch'able.

>
> Each line:
>     program      RPC program number (see rpc(4)), or the
>                  capitalized keyword ANY.
>         [NetBSD uses rpc(5)]
>
>     transport    Transport name, either udp or tcp.
>         [NetBSD also supports udp6/tcp6 ?]
>
>     port         Port, or port range expressed as a pair of
>                  ports separated only by a ``-'' character,
>                  without any space or tab characters.
>                  A port is specified numerically.
>         [Couldn't we support port names here?]
>
>     access       Whether the port or port range is available,
>                  either ``allow'' or ``deny''.
>
>
> Do people know of other prior art in this area?
>
> Comments about adding this style of functionality to NetBSD?
>
> Cheers,
> Luke.
>

-- thorpej
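
Added example, not part of the original message and not IRIX or NetBSD code: a strict C parser for one line of the /etc/rpcports format quoted above, rejecting anything the description does not allow (spaces inside a range, lowercase `any`, port names). The names `rpcport_rule`, `rpcports_parse_line` and `RPC_ANY` and the 1-65535 port bound are assumptions.

```c
/* Added example: strict parser for one /etc/rpcports line (not IRIX/NetBSD code). */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RPC_ANY (-1LL)            /* hypothetical marker for the ANY keyword */

struct rpcport_rule {             /* hypothetical layout */
    long long prog;               /* RPC program number, or RPC_ANY */
    char transport[4];            /* "udp" or "tcp" */
    long long lo, hi;             /* inclusive port range; lo == hi for one port */
    int allow;                    /* 1 = allow, 0 = deny */
};

/* Accept only an all-digit token whose value lies in [min, max]. */
static int parse_num(const char *s, long long min, long long max, long long *out)
{
    char *end;
    if (!isdigit((unsigned char)*s)) return -1;   /* no sign, no empty token */
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno || *end != '\0' || v < min || v > max) return -1;
    *out = v;
    return 0;
}

/* Returns 1 = rule parsed, 0 = empty or comment line, -1 = malformed. */
int rpcports_parse_line(const char *line, struct rpcport_rule *r)
{
    char prog[32], tr[8], port[32], acc[8], extra[2];
    if (line[0] == '#') return 0;
    int n = sscanf(line, "%31s %7s %31s %7s %1s", prog, tr, port, acc, extra);
    if (n == EOF) return 0;                       /* nothing but whitespace */
    if (n != 4) return -1;                        /* too few or too many fields */
    if (strcmp(prog, "ANY") == 0) r->prog = RPC_ANY;   /* capitalized only */
    else if (parse_num(prog, 0, 0xFFFFFFFFLL, &r->prog)) return -1;
    if (strcmp(tr, "udp") && strcmp(tr, "tcp")) return -1;
    strcpy(r->transport, tr);
    char *dash = strchr(port, '-');               /* "lo-hi" with no spaces */
    if (dash) *dash++ = '\0';
    if (parse_num(port, 1, 65535, &r->lo)) return -1;   /* 1..65535 assumed */
    r->hi = r->lo;
    if (dash && parse_num(dash, 1, 65535, &r->hi)) return -1;
    if (r->lo > r->hi) return -1;
    if (strcmp(acc, "allow") == 0) r->allow = 1;
    else if (strcmp(acc, "deny") == 0) r->allow = 0;
    else return -1;
    return 1;
}
```

Failing closed on a malformed line matters here because a silently skipped `deny` rule would leave a port range available that the administrator meant to block.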