Subject: Re: Binding RPC services to specific ports (fwd)
To: None <tech-security@netbsd.org>
From: Florian Stoehr <netbsd@wolfnode.de>
List: tech-security
Date: 07/18/2005 11:20:31
> From: Luke Mewburn <lukem@NetBSD.org>
> To: tech-security@NetBSD.org
> Subject: Binding RPC services to specific ports
>
> Hi all:
>
> A feature that I've often desired is the ability to force
> specific RPC services to be bound to specific TCP/IP ports.
>
> I'd prefer a generic solution to this rather than hacking
> each rpc daemon to support a "hardcode this port".
>
> I did a little bit of research and found that IRIX 6.5.20
> added /etc/rpcports -- as documented in their rpcports(4) at:
> 	http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi?coll=0650&db=man&fname=/usr/share/catman/p_man/cat4/rpcports.z
>
> The syntax of IRIX's /etc/rpcports is that each line is
> 	program  transport  port  access
> (or empty or a comment line starting with '#')
>
> Each line:
> 	program		RPC program number (see rpc(4)), or the
> 			capitalized keyword ANY.
> 	    [NetBSD uses rpc(5)]
>
> 	transport	Transport name, either udp or tcp.
> 	    [NetBSD also supports udp6/tcp6 ?]
>
> 	port		Port, or port range expressed as a pair of
> 			ports separated only by a ``-'' character,
> 			without any space or tab characters.
> 			A port is specified numerically.
> 	    [Couldn't we support port names here?]
>
> 	access		Whether the port or port range is available,
> 			either ``allow'' or ``deny''.
>
>
> Do people know of other prior art in this area?
>
> Comments about adding this style of functionality to NetBSD?
>
> Cheers,
> Luke.
>

I just sent-pr an enhanced version of mountd(8) for this (#30772) this 
morning (guess that's why you wrote this mail?).

Of course it'd be better to have this centralised and not on a per-daemon
basis, but that'd involve modification of all daemons, now not binding
with a "NULL" sockaddr* but with something that came (at least the port)
from rpcbind ... am I right (not that familiar with this rpc thing)?

If we decide to take this approach, I could possibly participate in
modifying the daemons.

Please CC me, I'm not on this list.

-Florian
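The quoted /etc/rpcports format, parsed and evaluated in C as an added example; this is not code from the thread, from NetBSD or from IRIX. The constructed sample policy, the acceptance of udp6/tcp6 (Luke's open question) and the matching semantics (first matching line wins; a service with allow lines gets only those ports, a service with none stays unrestricted) are assumptions, since the thread does not settle them.

```c
#define _POSIX_C_SOURCE 200809L /* for strdup() and strtok_r() */
#include <stdlib.h>
#include <string.h>

/* One parsed /etc/rpcports rule: "program transport port[-port] access". */
struct rpcport_rule {
    long prog;          /* RPC program number, or -1 for the keyword ANY */
    char transport[8];  /* udp or tcp; udp6/tcp6 are accepted here as an assumption */
    int lo, hi, allow;  /* inclusive port range; allow is 1 for allow, 0 for deny */
};
/* Constructed sample policy (not from the thread): pin mountd (program 100005) to 4000-4010. */
#define RPCPORTS_SAMPLE "# program transport port access\n100005 tcp 4000-4010 allow\nANY tcp 1-1023 deny\n"
/* Parse one line in place. Returns 1 for a rule, 0 for a blank or comment line, -1 on error. */
int parse_rpcports_line(char *line, struct rpcport_rule *r)
{
    char *save, *end, *f[5]; int nf;
    for (nf = 0; nf < 5; nf++)                             /* split into at most five fields */
        if ((f[nf] = strtok_r(nf ? NULL : line, " \t\r", &save)) == NULL) break;
    if (nf == 0 || f[0][0] == '#') return 0;               /* blank line or comment */
    if (nf != 4) return -1;                                /* exactly four fields */
    if (strcmp(f[0], "ANY") == 0) r->prog = -1;            /* keyword is capitalised */
    else if ((r->prog = strtol(f[0], &end, 10)) < 0 || *end != '\0') return -1;
    if (strcmp(f[1], "udp") && strcmp(f[1], "tcp") && strcmp(f[1], "udp6") && strcmp(f[1], "tcp6")) return -1;
    strcpy(r->transport, f[1]);
    r->lo = (int)strtol(f[2], &end, 10);                   /* "2049" or "4000-4010", no spaces */
    r->hi = (*end == '-') ? (int)strtol(end + 1, &end, 10) : r->lo;
    if (*end != '\0' || r->lo < 1 || r->hi > 65535 || r->lo > r->hi) return -1;
    if (strcmp(f[3], "allow") && strcmp(f[3], "deny")) return -1;
    r->allow = strcmp(f[3], "deny") != 0;
    return 1;
}

/* 1 if `prog` over `transport` may bind `port` under the policy text `config`, 0 if not, -1 on a
 * syntax error. Assumed semantics (the thread leaves them open): the first line matching program,
 * transport and port decides; else a service with allow lines gets only those ports, others are free. */
int rpcports_check(const char *config, long prog, const char *transport, int port)
{
    char *copy = strdup(config), *save, *line;
    struct rpcport_rule r; int has_allow = 0, verdict = -1;
    if (copy == NULL) return -1;
    for (line = strtok_r(copy, "\n", &save); line != NULL; line = strtok_r(NULL, "\n", &save)) {
        int st = parse_rpcports_line(line, &r);
        if (st < 0) { free(copy); return -1; }
        if (st == 0 || (r.prog != -1 && r.prog != prog) || strcmp(r.transport, transport)) continue;
        has_allow |= r.allow;
        if (verdict < 0 && port >= r.lo && port <= r.hi) verdict = r.allow;  /* first match wins */
    }
    free(copy);
    return verdict >= 0 ? verdict : !has_allow;
}
```

A daemon (or rpcbind, in the centralised variant Florian describes) would call rpcports_check before bind(2) and refuse, or pick another port from its allow range, on a 0 result.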