
Re: RH Taroon Beta Open Ports



Why not configure portmapper to listen on localhost, then have the
services (mountd, ypserv, etc.) that need it enable listening on the 
wire when they start? You'd need a cooperative arrangement whereby the
init scripts would shut down external portmapper if they were the last
service that needed it on service shutdown.

Of course, you can argue that an admin that is configuring NFS
or NIS should understand the security implications and other 
requirements of these services, but we don't live in a perfect world.

and therefore be able to 
On Mon, 2003-08-25 at 08:45, rhldevel assursys co uk wrote:
> On Mon, 25 Aug 2003, Bill Nottingham wrote:
> 
> > rhldevel assursys co uk (rhldevel assursys co uk) said: 
> > > Which local processes? We've already heard about sgi_fam, and we already
> > > know about NIS and NFS, but is this really worth leaving it listening on
> > > external interfaces in a _default_ install?
> > 
> > Set up a firewall, as is the default in the install...
> 
> Certainly, and allowing easy configuration of Linux's IP filtering
> functionality at install time was a very responsible move by RH.
> 
> But to a lot of naïve users, firewalls are deeply technical things, that
> they worry will interfere with normal usage. As a result, I believe a number
> of such users will install with the firewall disabled, or stop it when
> attempting to get things working - perhaps never to (re-)enable it. Having
> things like X11, portmapper and rpc.statd listening on an external interface
> is asking for trouble, IMHO.
> 
> > Bill
> 
> Best Regards,
> Alex.
> 
> 
> --
> Rhl-devel-list mailing list
> Rhl-devel-list redhat com
> http://www.redhat.com/mailman/listinfo/rhl-devel-list
-- 
Howard Owen                      "Even if you are on the right
EGBOK Consultants                 track, you'll get run over if you
hbo egbok com    +1-650-339-5733  just sit there." - Will Rogers
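
An added example, not part of the original message or of any Red Hat tooling: a check for the condition this thread argues about (portmapper or X11 listening on a non-loopback address), run over a constructed table in `/proc/net/tcp` layout. It assumes a little-endian host and IPv4 only; the function names and the `WATCHED` table are illustrative.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A00000A:0016 0B00000A:C001 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""

# Fixed ports of services named in the thread; rpc.statd is absent because
# its port is assigned dynamically. Labels are illustrative.
WATCHED = {111: "portmapper", 6000: "X11"}
TCP_LISTEN = 0x0A  # socket state code for LISTEN

def decode_endpoint(field):
    """Decode 'HEXADDR:HEXPORT'; assumes a little-endian host, IPv4 only."""
    hexaddr, hexport = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(hexaddr, 16)))
    return addr, int(hexport, 16)

def listeners(table):
    """Return (address, port) for every socket in LISTEN state."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) >= 4 and int(cols[3], 16) == TCP_LISTEN:
            found.append(decode_endpoint(cols[1]))
    return found

def exposed(table):
    """Listeners bound to anything other than loopback, sorted by port."""
    hits = [(a, p, WATCHED.get(p, "unknown")) for a, p in listeners(table)
            if not ipaddress.ip_address(a).is_loopback]
    return sorted(hits, key=lambda h: h[1])

if __name__ == "__main__":
    for addr, port, name in exposed(SAMPLE):
        print(f"{addr}:{port} ({name}) is listening beyond loopback")
```

On a live system the same functions can be given the contents of `/proc/net/tcp` in place of `SAMPLE`.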



