The portmap service is a dynamic port assignment daemon for RPC services such as NIS and NFS. It has weak authentication mechanisms and has the ability to assign a wide range of ports for the services it controls. For these reasons, it is difficult to secure.
If you are running RPC services, you should follow some basic rules.
Below are two example iptables commands that allow TCP connections to the portmap service (listening on port 111) from the 192.168.0.0/24 network and from the localhost. All other packets are dropped. The ACCEPT rule for the localhost comes first, because iptables stops at the first rule that matches a packet and 127.0.0.1 is outside 192.168.0.0/24.
# iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT
# iptables -A INPUT -p tcp ! -s 192.168.0.0/24 --dport 111 -j DROP
To similarly limit UDP traffic, use the following command.
# iptables -A INPUT -p udp ! -s 192.168.0.0/24 --dport 111 -j DROP
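iptables walks a chain from top to bottom and stops at the first matching ACCEPT or DROP, so a localhost ACCEPT for port 111 only takes effect if it sits above a DROP that also matches 127.0.0.1. The check below is an added example, not part of the original post: the function name `portmap_rule_order` and both sample rule sets are constructed, and the input is assumed to be in the format printed by `iptables -S INPUT`.

```sh
#!/bin/sh
# Added example: audit the order of portmap (port 111) rules.
# Reads `iptables -S INPUT` style lines on stdin and prints one verdict:
#   ok               - loopback ACCEPT precedes the negated-source DROP
#   loopback-blocked - the DROP comes first, so 127.0.0.1 never reaches ACCEPT
#   no-drop-rule     - no negated-source DROP for this protocol on port 111
# On a live host (as root): iptables -S INPUT | portmap_rule_order tcp
portmap_rule_order() {
    proto="$1"
    awk -v proto="$proto" '
        # Skip rules for other protocols or other ports.
        index($0, "-p " proto " ") == 0 { next }
        $0 !~ /--dport 111( |$)/        { next }
        # Loopback ACCEPT (source printed as 127.0.0.1 or 127.0.0.1/32).
        /(^| )-s 127\.0\.0\.1[^0-9]/ && !/! -s / && /-j ACCEPT( |$)/ {
            if (!verdict) lo = 1
            next
        }
        # First DROP with a negated source decides the verdict.
        /! -s / && /-j DROP( |$)/ {
            if (!verdict) verdict = lo ? "ok" : "loopback-blocked"
        }
        END { print (verdict ? verdict : "no-drop-rule") }
    '
}

# Constructed sample rule sets (not captured from a real host).
drop_first='-A INPUT ! -s 192.168.0.0/24 -p tcp -m tcp --dport 111 -j DROP
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 111 -j ACCEPT'
accept_first='-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT ! -s 192.168.0.0/24 -p tcp -m tcp --dport 111 -j DROP'

echo "DROP first:   $(printf '%s\n' "$drop_first" | portmap_rule_order tcp)"
echo "ACCEPT first: $(printf '%s\n' "$accept_first" | portmap_rule_order tcp)"
```

Run it once per protocol (`tcp` and `udp`), since the rules for each are separate.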