Re: strange messages
From: Christopher Schulte (christopher@schulte.org)
Date: 03/08/01
Date: Thu, 08 Mar 2001 13:12:41 -0600
To: Brooks Davis <brooks@one-eyed-alien.net>, "oldfart@gtonet" <oldfart@gtonet.net>
From: Christopher Schulte <christopher@schulte.org>
At 10:35 AM 3/8/2001 -0800, Brooks Davis wrote:
>but the ports RPC services bind to are the same ones your outbound
>TCP connections are bound to so you'll need stateful firewalling
>to make it work.
You can convince the kernel to use a more user-defined port range(s) for
dynamic outbound connections with a few sysctl vars, thus making firewall
confs a bit easier to craft and maintain:
`sysctl -a | grep portrange`
>You can force NFS to use only its reserved port
>(see /etc/defaults/rc.conf), but generally you can't dictate where RPC
>services bind. Your best bet is to disable rpc.statd unless you are
>actually using it.
It's always a good idea to turn a service off if you're not using it. ;p
>-- Brooks
>
>--
>Any statement of the form "X is the one, true Y" is FALSE.
>PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
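As an added example (not part of the original message): a shell check that parses the `sysctl -a | grep portrange` output mentioned above and flags service ports that fall inside a kernel-assigned port range, which is where a static firewall rule cannot separate a listener from an outbound connection. The sysctl values and the port list are constructed for illustration; the `net.inet.ip.portrange.*` names are FreeBSD's.

```sh
#!/bin/sh
# Constructed sample of `sysctl -a | grep portrange` output. The names are the
# FreeBSD net.inet.ip.portrange.* variables; the values are illustrative.
SAMPLE_SYSCTL='net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535'

# portrange_get TEXT LEAF: print the value of net.inet.ip.portrange.LEAF.
portrange_get() {
    printf '%s\n' "$1" | awk -v key="net.inet.ip.portrange.$2" -F'[:=]' '
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == key { print $2; exit }'
}

# in_range PORT A B: true if PORT lies between A and B, whichever is larger
# (lowfirst is numerically above lowlast).
in_range() {
    lo=$2; hi=$3
    [ "$lo" -le "$hi" ] || { lo=$3; hi=$2; }
    [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]
}

# colliding_ports TEXT PORT...: list the service ports that fall inside a
# kernel-assigned range and so cannot be told apart by a static port rule.
colliding_ports() {
    text=$1; shift
    out=
    for port in "$@"; do
        for pair in first:last hifirst:hilast lowfirst:lowlast; do
            a=$(portrange_get "$text" "${pair%%:*}")
            b=$(portrange_get "$text" "${pair##*:}")
            [ -n "$a" ] && [ -n "$b" ] || continue
            if in_range "$port" "$a" "$b"; then
                out="$out${out:+ }$port(${pair%%:*}-${pair##*:})"
                break
            fi
        done
    done
    printf '%s\n' "$out"
}

# Hypothetical list of ports this host serves on.
colliding_ports "$SAMPLE_SYSCTL" 22 111 2049 1011 50000
```

On a live host, pass `"$(sysctl -a | grep portrange)"` as the first argument in place of the sample text.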