From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021127 Description of problem: Chapter 5. Server Security Securing Portmap Could You add note that when protecting portmap with iptables it might be important to allow connections to localhost:sunrpc. Why? Because by dropping packets on 127.0.0.1:111 prevents fam to work correctly. Fam might not be the only component that depends from sunrpc.
I will look iinto this and update the server chapter for the next revision. Thank you so much for catching this. Take care, Johnray
Below are two example iptables commands that allow TCP connections to the portmap service (listening on port 111) from the 192.168.0/24 network and from the localhost (which is necessary for the sgi_fam service used by Nautilus). All other packets are dropped. iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT Thanks for catching that. Johnray