Suggestion for an altered portmap package
David Kewley
kewley at cns.caltech.edu
Thu Aug 12 00:21:49 UTC 2004
Troels Arvin wrote on Wednesday 11 August 2004 16:50:
> On desktop systems, I can't get rid of portmap because fam needs it.
> - And I can't even stop portmap because a well-working fam is nice.
> As I don't use NFS or NIS on my desktop, either, I've long wanted to
> be able to tell portmap to bind to the loopback interface only,
> following a security principle of making daemons listen to the least
> possible interfaces. There doesn't seem to be a way to do that, so
> I've tried creating an altered portmap package. I'm no great c-coder,
> but it seems to work (even though there could be some IPv6 issues?).
portmap uses tcp-wrappers, so you can use /etc/hosts.{allow,deny} to
control which packets you process. Yes, portmap still listens on all
interfaces, but if I understand tcp-wrappers correctly, portmap won't
be asked to process any disallowed packets.
David
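
The hosts.{allow,deny} approach from the reply above, as an added example (not part of the original message and not code from portmap or tcp-wrappers): a simplified Python model of the hosts_access(5) evaluation order, used to check which client addresses a policy for the `portmap` daemon name admits. The sample policy and addresses are constructed; only IPv4 literals, `ALL`, address prefixes and net/mask patterns are modelled (no hostnames, `EXCEPT` or IPv6).

```python
import ipaddress

# Constructed sample policy: portmap answers loopback clients only.
HOSTS_ALLOW = "# /etc/hosts.allow\nportmap: 127.0.0.1\n"
HOSTS_DENY = "# /etc/hosts.deny\nportmap: ALL\n"


def parse(text):
    """Return [(daemons, clients)] for each 'daemon_list : client_list' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 2)  # an optional third field (shell command) is ignored
        if len(fields) >= 2:
            rules.append(tuple(f.replace(",", " ").split() for f in fields[:2]))
    return rules


def client_match(pattern, client):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):  # address prefix such as "192.0.2."
        return client.startswith(pattern)
    if "/" in pattern:  # net/mask such as "10.1.0.0/255.255.0.0"
        return ipaddress.ip_address(client) in ipaddress.ip_network(pattern, strict=False)
    return pattern == client


def rule_hit(text, daemon, client):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_match(p, client) for p in clients)
        for daemons, clients in parse(text)
    )


def allowed(daemon, client, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if rule_hit(allow_text, daemon, client):
        return True
    return not rule_hit(deny_text, daemon, client)


if __name__ == "__main__":
    for addr in ("127.0.0.1", "192.0.2.10"):
        print(addr, "allowed" if allowed("portmap", addr) else "denied")
    # Failure mode: an allow entry without a matching deny entry restricts nothing.
    print("no hosts.deny:", allowed("portmap", "192.0.2.10", deny_text=""))
```

The last call shows the common mistake: listing 127.0.0.1 in hosts.allow alone leaves every other client allowed, because access is granted when neither file matches.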