[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Summary: netbase: portmap and spoofprotect() Q's

I wrote:

>While commenting out the portmap references in
>/etc/init.d/netbase (Slink)to close the SunRPC port,
>I noticed that the spoofprotect() rules to "deny incoming
>packets pretending to be from our own system" were
>commented out.
>1) why is this? [...]

Marcus <talos@algonet.se> replied, "They are commented out because they
aren't needed.  If you got a recent kernel, spoof-preventing is done in it.
Thus ipchains and ipfwadm are commented out."

>2) do any services other than RPC [services] need portmap?

Seth Vidal <skvidal@phy.duke.edu> and Michael Wood <wood@kingsley.co.za>
pretty much confirmed what I've learned:  when I kill portmap, and nothing
breaks, then I did OK.  :-)

Thanks to all for the replies!


Reply to: