First Last Prev Next    This bug is not in your last search results.
Bug 78723 - Protecting portmap With iptables
Protecting portmap With iptables
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: rhl-sg (Show other bugs)
8.0
noarch Linux
medium Severity medium
: ---
: ---
Assigned To: Johnray Fuller
Tammy Fox
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-11-28 06:15 EST by juha.heljoranta
Modified: 2007-04-18 12:48 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-02-13 19:19:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description juha.heljoranta 2002-11-28 06:15:20 EST 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021127

Description of problem:
Chapter 5. Server Security
Securing Portmap

Could You add note that when protecting portmap with iptables it might be
important to allow connections to localhost:sunrpc.

Why? Because by dropping packets on 127.0.0.1:111 prevents fam to work
correctly.  Fam might not be the only component that depends from sunrpc.
Comment 1 Johnray Fuller 2002-12-09 09:11:52 EST 
I will look iinto this and update the server chapter for the next revision.

Thank you so much for catching this.

Take care,
Johnray
Comment 2 Johnray Fuller 2003-02-13 19:19:12 EST 
Below are two example iptables commands that
allow TCP connections to the portmap service (listening on
port 111) from the 192.168.0/24 network and from the localhost (which
is necessary for the sgi_fam service used by
Nautilus). All other packets are dropped.


iptables -A INPUT -p tcp -s 127.0.0.1  --dport 111 -j ACCEPT

Thanks for catching that.

Johnray
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.