netbase: portmap and spoofprotect() Q's
- To: "Firewallers" <debian-firewall@lists.debian.org>
- Subject: netbase: portmap and spoofprotect() Q's
- From: "Paul Tod Rieger" <prie@abl.com>
- Date: Wed, 24 May 2000 11:26:52 -0400
- Message-id: <000101bfc594$7c9da0c0$0404a8c0@electra.abl.com>
While commenting out the portmap references in /etc/init.d/netbase (Slink)
to close the SunRPC port, I noticed that the
spoofprotect() rules to "deny incoming packets pretending to be from our own
system" were commented out.
1) why is this -- because they require an IP address, don't work, or the
ipmasq rules (which I'm using) supercede them? In other words, should I add
my WAN/Internet IP and uncomment the rules? (configuration is: eth0
connects to Internet, eth1 connects to private LAN, with ipmasq in between)
2) do any services other than RPC need portmap?
Thanks for any help!
Tod
abl.com
Reply to: