Summary: netbase: portmap and spoofprotect() Q's
I wrote:
>While commenting out the portmap references in
>/etc/init.d/netbase (Slink)to close the SunRPC port,
>I noticed that the spoofprotect() rules to "deny incoming
>packets pretending to be from our own system" were
>commented out.
>
>1) why is this? [...]
Marcus <talos@algonet.se> replied, "They are commented out because they
aren't needed. If you got a recent kernel, spoof-preventing is done in it.
Thus ipchains and ipfwadm are commented out."
>2) do any services other than RPC [services] need portmap?
Seth Vidal <skvidal@phy.duke.edu> and Michael Wood <wood@kingsley.co.za>
pretty much confirmed what I've learned: when I kill portmap, and nothing
breaks, then I did OK. :-)
Thanks to all for the replies!
Tod
abl.com
Reply to: