Protect portmap With iptables

The portmap service is a dynamic port assignment daemon for RPC services such as NIS and NFS. It has weak authentication mechanisms and has the ability to assign a wide range of ports for the services it controls. For these reasons, it is difficult to secure.

If you are running RPC services, you should follow some basic rules.

Below are two example iptables commands that allow TCP connections to the portmap service (listening on port 111) from the 192.168.0.0/24 network and from the localhost; all other packets to that port are dropped. The ACCEPT rule for the loopback address must come first: if the negated DROP rule is appended before it, loopback traffic (whose source 127.0.0.1 is not in 192.168.0.0/24) is dropped before the ACCEPT rule is ever consulted. Note that traffic from 192.168.0.0/24 is not explicitly accepted here and therefore falls through to the remaining rules and the chain's default policy.

# iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT
# iptables -A INPUT -p tcp ! -s 192.168.0.0/24 --dport 111 -j DROP

To similarly limit UDP traffic, use the following command (preceded by a matching loopback ACCEPT rule if local RPC clients reach portmap over UDP).

# iptables -A INPUT -p udp ! -s 192.168.0.0/24 --dport 111 -j DROP
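The script below is an added example, not part of the original post: it emits the port-111 rules for both protocols in an order that cannot shadow loopback, and it audits an existing `iptables -S INPUT` listing for the ordering mistake. It assumes the trusted network is passed as the first argument and, by default, only prints the commands (set `IPT=iptables` to apply them as root).

```shell
#!/bin/sh
# Added example, not from the original post: emit the port-111 rules in an order
# that cannot shadow loopback, and audit an "iptables -S INPUT" listing for the
# shadowing mistake. Assumed: the trusted network is passed as $1.

IPT="${IPT:-echo iptables}"   # dry run by default; IPT=iptables applies as root

# Rules for both TCP and UDP. The loopback ACCEPT must precede the negated DROP:
# "! -s <net> -j DROP" placed first would discard 127.0.0.1 traffic as well.
portmap_rules() {
    net="$1"
    for proto in tcp udp; do
        $IPT -A INPUT -p "$proto" -s 127.0.0.1 --dport 111 -j ACCEPT
        $IPT -A INPUT -p "$proto" ! -s "$net" --dport 111 -j DROP
    done
}

# Reads an "iptables -S INPUT" listing on stdin. Exit 0 when, per protocol, the
# loopback ACCEPT on port 111 comes before the negated-source DROP; exit 1 when
# the DROP comes first (loopback shadowed) or no loopback ACCEPT exists.
audit_portmap_order() {
    awk '
        /--dport 111/ {
            proto = ""
            for (i = 1; i <= NF; i++) if ($i == "-p") proto = $(i + 1)
            if ($0 ~ /-s 127\.0\.0\.1(\/32)?/ && $0 ~ /-j ACCEPT/ && !(proto in acc))
                acc[proto] = NR
            if ($0 ~ /! -s/ && $0 ~ /-j DROP/ && !(proto in drop))
                drop[proto] = NR
        }
        END {
            bad = 0
            for (p in drop) if (!(p in acc) || acc[p] > drop[p]) bad = 1
            exit bad
        }'
}

# Constructed listing with the DROP before the ACCEPT (the shadowing order).
SHADOWED='-A INPUT -p tcp ! -s 192.168.0.0/24 --dport 111 -j DROP
-A INPUT -p tcp -s 127.0.0.1/32 --dport 111 -j ACCEPT'

if printf '%s\n' "$SHADOWED" | audit_portmap_order; then
    echo "portmap rules: loopback reachable"
else
    echo "portmap rules: loopback ACCEPT shadowed by earlier DROP"
fi
```

Run `iptables -S INPUT | sh -c '. ./script.sh; audit_portmap_order'` on a live host to check the installed rules rather than the constructed sample.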

Unix/Linux enthusiasts, good working experience with SAN, NAS, Linux, Solaris, AIX, VMWare & Graphic Design. Certified for Solaris Admin, EMC & HDS Storage.
