Re: strange messages

From: Christopher Schulte (christopher@schulte.org)
Date: 03/08/01


Date: Thu, 08 Mar 2001 13:12:41 -0600
To: Brooks Davis <brooks@one-eyed-alien.net>, "oldfart@gtonet" <oldfart@gtonet.net>
From: Christopher Schulte <christopher@schulte.org>

At 10:35 AM 3/8/2001 -0800, Brooks Davis wrote:
>but the ports RPC services bind to are the same ones your outbound
>TCP connections are bound to so you'll need stateful firewalling
>to make it work.

You can convince the kernel to use a more user-defined port range(s) for
dynamic outbound connections with a few sysctl vars, thus making firewall
confs a bit easier to craft and maintain:

`sysctl -a | grep portrange`

>You can force NFS to use only it's reserved port
>(see /etc/defaults/rc.conf), but generally you can't dictate where RPC
>services bind. You're best bet is to disable rpc.statd unless you are
>actually using it.

It's always a good idea to turn a service off if you're not using it. ;p

>-- Brooks
>
>--
>Any statement of the form "X is the one, true Y" is FALSE.
>PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message