RE: rpc.statd hacking but firewalled
Try this in your firewall script:
# anything NFS-like should not be accessible from outside
# ($IPCHAINS and $extint are assumed to be set earlier in the firewall script)
NFSPORTS=`rpcinfo -p | awk '/tcp/||/udp/ {print $4}' | sort | uniq`
for PORT_NUM in $NFSPORTS
do
    # one REJECT rule per registered port for each protocol, logged with -l
    $IPCHAINS -A input -i $extint -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 $PORT_NUM -j REJECT -l
    $IPCHAINS -A input -i $extint -p udp -s 0.0.0.0/0 -d 0.0.0.0/0 $PORT_NUM -j REJECT -l
done
-----
Marc Wilson
mwilson@moonkingdom.net
mwilson@cts.com
http://www.moonkingdom.net/mwilson
-----Original Message-----
From: Ethan Benson [mailto:erbenson@alaska.net]
Sent: Monday, March 12, 2001 5:20 AM
To: Debian-User List
Subject: Re: rpc.statd hacking but firewalled
On Mon, Mar 12, 2001 at 01:38:53AM -0700, Curtis Hogg wrote:
> i don't recall what port rpc.statd binds to, but what it is is a part of
> the NFS system, so disabling rpc.statd, i think, will also break NFS
> mounting on your side. you can still mount remote systems i think.
statd is bound to a random port on startup; it then registers itself
with the portmapper. many/most rpc services behave this way, it's
quite annoying since it makes firewalling them next to impossible.
> you might want to check your /etc/services to see if it says where
> rpc.statd usually sticks itself.
statd is not in /etc/services since it's an rpc service.
--
Ethan Benson
http://www.alaska.net/~erbenson/
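As an added example (not part of this thread), the same rpcinfo-driven approach carried one step further: the parser skips the rpcinfo header, keys on the proto column instead of matching "tcp"/"udp" anywhere on the line, de-duplicates (proto, port) pairs, and emits one REJECT rule only for the protocol each port is actually registered on. The rpcinfo output is a constructed sample, and IPCHAINS/EXTINT are assumed variable names with placeholder defaults.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output (not captured from a real host).
# The header line must be skipped, and the same port can be registered for
# several versions, so ports repeat.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32769  status
    100003    2   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100005    1   udp  32770  mountd
    100005    1   tcp  32770  mountd'

# Print de-duplicated "proto port" pairs from rpcinfo -p text on stdin.
# Testing column 3 avoids matching the header or a service name that
# happens to contain "tcp" or "udp".
rpc_proto_ports() {
    awk 'NR > 1 && ($3 == "tcp" || $3 == "udp") { print $3, $4 }' | sort -u
}

# Emit one ipchains REJECT rule per registered (proto, port) pair on the
# external interface, with logging (-l).  Rules are printed, not executed,
# so they can be reviewed before being pasted into the firewall script.
# IPCHAINS and EXTINT are assumed to be set by the caller (defaults shown).
rpc_reject_rules() {
    printf '%s\n' "$1" | rpc_proto_ports | while read -r proto port; do
        printf '%s -A input -i %s -p %s -s 0.0.0.0/0 -d 0.0.0.0/0 %s -j REJECT -l\n' \
            "${IPCHAINS:-ipchains}" "${EXTINT:-eth0}" "$proto" "$port"
    done
}

# Count of rules generated for a given rpcinfo dump (handy for a sanity check).
rpc_rule_count() {
    rpc_reject_rules "$1" | wc -l | tr -d ' '
}
```

Run `rpc_reject_rules "$(rpcinfo -p)"` on a live host to see the rules that would be added; the sample above yields eight rules, one per (proto, port) pair.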