tcpwrapped rpcbind/portmap?

From: Geoff Collis (
Date: 08/15/01

Message-ID: <>
From: Geoff Collis <>
Subject: tcpwrapped rpcbind/portmap?
Date: Tue, 14 Aug 2001 15:51:22 -0700

As a standard part of hardening Solaris 2.6 and Solaris 7 I would normally
replace rpcbind and portmap with Wietse's versions
( so that access to these
is controlled /etc/hosts.allow and /etc/hosts.deny files.

I believe I need "rpcbind" to allow my secured host to NFS mount the NFS
shares on my Network Appliance file servers.

These programs are based on fairly old source, so should I still do this on
Solaris 8?

FWIW: I am not interested in encrypting the data transfer, more in
controlling who is allowed to bind the RPC services on a host.

I will also be installing ipfilter, so I may be able to restrict access by
some inventive ipfilter rules, although RPC is notoriously difficult to

Suggestions and feedback on the best way to proceed and/or what others have
done, would be appreciated.

- Geoff