NetBSD-Users archive


Re: access control for mountd, statd, and lockd?



On Feb 8, 2010, at 10:51 AM, Steven Bellovin wrote:
>> Well, yes.  Hopefully anyone using NFS has a firewall guarding their 
>> Internet connections, so completely unwanted packets from the rest of the 
>> 'net should be filtered there.
> 
> Precisely what I'm trying to do, which is why I want known port numbers to 
> block....

If you're using classic RPC, then that's all ports. [1]

Permit the ones which you decide you need according to the local security 
policy; and use stateful rules to permit ephemeral high ports used by outgoing 
connections.

Regards,
-- 
-Chuck

[1]: You might get away with not blocking 49152 - 65535 since I don't believe 
portmapper/rpc.portmap/etc will put RPC services into that range.
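
An added example, not part of the original message: one way to turn the advice above into a concrete port list is to read what the local portmapper has registered (`rpcinfo -p`) and compare it with the services the local policy allows. The sample output, its port numbers and the `ALLOWED` policy set are constructed assumptions; the last check tests the footnote's 49152 - 65535 assumption against the actual registrations.

```python
"""Audit `rpcinfo -p` output against a local allowlist of RPC services."""
from collections import defaultdict

# Constructed sample of `rpcinfo -p` output; the port numbers are made up.
SAMPLE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp   1011  mountd
    100005    3   tcp   1022  mountd
    100024    1   udp   1007  status
    100021    4   tcp   1015  nlockmgr
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    391002    2   tcp  50123
"""

# Assumed local policy: RPC services that clients may reach.
ALLOWED = {"portmapper", "mountd", "status", "nlockmgr", "nfs"}
HIGH_RANGE = range(49152, 65536)  # range named in the message's footnote


def parse_rpcinfo(text):
    """Return {(proto, port): set of service names} from `rpcinfo -p` text."""
    table = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # header or blank line
        prog, _vers, proto, port = fields[:4]
        # rpcinfo omits the name when the program number is unknown to it
        name = fields[4] if len(fields) > 4 else "prog-" + prog
        table[(proto, int(port))].add(name)
    return dict(table)


def plan(table, allowed=ALLOWED):
    """Split registered ports into permit / leave-blocked / high-range lists."""
    permit, blocked, high = [], [], []
    for (proto, port), names in sorted(table.items()):
        (permit if names <= allowed else blocked).append((proto, port))
        if port in HIGH_RANGE:
            high.append((proto, port))
    return permit, blocked, high


if __name__ == "__main__":
    permit, blocked, high = plan(parse_rpcinfo(SAMPLE))
    print("permit:", permit)
    print("registered but not in policy:", blocked)
    print("registered in 49152-65535:", high)
```

The ports assigned by the portmapper can change when the daemons restart, so the list needs regenerating after a restart unless the daemons are pinned to fixed ports.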


