NetBSD-Users archive
Re: How to configure npf to restrict nfs to localhost
On Mon, Jun 29, 2020 at 11:26:37AM +0530, Mayuresh wrote:
> On Mon, Jun 29, 2020 at 10:00:06AM +0530, Mayuresh wrote:
> > Any hints for how to block these ports for outside world and keep open for
> > localhost?
> 
> Tried:
> 
> group "external" on $ext_if {
>     ...
>     block final to any port 111
>     block final to any port 2049
>     ...
> 
> 
> This kind of works. I can telnet to the port from localhost. From outside
> it doesn't say connection refused, it just hangs instead. Obviously I am
> missing something.
fwiw, my default npf blocks are:
...
procedure "log" { log: npflog0 }
block return-rst in final proto tcp flags S/SA all apply "log"
block in final all apply "log"
...
so I'm returning reset and logging.
-- 
Paul Ripke
"Great minds discuss ideas, average minds discuss events, small minds
 discuss people."
-- Disputed: Often attributed to Eleanor Roosevelt. 1948.
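
The difference discussed in this thread, as an added example that is not part of either message: a bare `block` drops packets silently, so a remote TCP client hangs until it times out, while `block return-rst` answers with a reset and the client sees "connection refused" at once. The group layout is an assumption built from the two quoted fragments; `$ext_if` is assumed to be defined earlier in npf.conf, as in the question.

```conf
# Added example: the rule from the question beside a return-rst variant.
# Assumes $ext_if is already defined and names the external interface.

procedure "log" { log: npflog0 }

group "external" on $ext_if {
    # Before (from the question): silent drop. Remote connects hang
    # because nothing is sent back.
    #   block final to any port 111
    #   block final to any port 2049

    # After: reject inbound TCP to rpcbind (111) and nfsd (2049) with a
    # reset and log the attempt to npflog0.
    block return-rst in final proto tcp to any port 111 apply "log"
    block return-rst in final proto tcp to any port 2049 apply "log"

    # UDP has no reset to send back; drop and log instead.
    block in final proto udp to any port 111 apply "log"
    block in final proto udp to any port 2049 apply "log"
}

# This group is bound to $ext_if, so its rules never match traffic on
# lo0; whether localhost connections pass is decided by the rest of
# the ruleset.
```

Check the file with `npfctl validate` before loading it with `npfctl reload`.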