netbase: portmap and spoofprotect() Q's
While commenting out the portmap references in /etc/init.d/netbase (Slink)
to close the SunRPC port, I noticed that the
spoofprotect() rules to "deny incoming packets pretending to be from our own
system" were commented out.
1) why is this -- because they require an IP address, don't work, or the
ipmasq rules (which I'm using) supercede them? In other words, should I add
my WAN/Internet IP and uncomment the rules? (configuration is: eth0
connects to Internet, eth1 connects to private LAN, with ipmasq in between)
2) do any services other than RPC need portmap?
Thanks for any help!
Tod
abl.com
Reply to: