Re: Limiting server side RPC ports for firewall rules

From: Casper *** (casper_at_holland.sun.com)
Date: 04/22/04

• Previous message: James M Galvin: "static routes when multi-homed"
• In reply to: Kreusch, Stephen (ZA - Johannesburg): "Limiting server side RPC ports for firewall rules"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Kreusch, Stephen (ZA - Johannesburg)" <skreusch@deloitte.co.za>
Date: Thu, 22 Apr 2004 11:57:24 +0200

>Is it possible to limit the range of ports allocated to RPC on the
>server side of a connection? If so, how, what settings, etc.? I want
>to limit the ports used by RPC servers to a narrow range, so that the
>current firewall rules which specify a large port range can be limited
>to a narrower range, and the connections can be more securely handled.

The only way to achieve this for services which bind to ephemeral ports
is to (temporarily?) change the port range used for anonymous ports:

ndd /dev/tcp tcp_smallest_anon_port
ndd /dev/tcp tcp_largest_anon_port
ndd /dev/udp udp_smallest_anon_port
ndd /dev/udp udp_largest_anon_port

Is there any particular reason why you don't filter all incoming
traffic? If you use a stateful filter, this really shouldn't be
a problem for outgoing connections.

Casper

• Previous message: James M Galvin: "static routes when multi-homed"
• In reply to: Kreusch, Stephen (ZA - Johannesburg): "Limiting server side RPC ports for firewall rules"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint