Date: Wed, 3 Mar 2004 10:24:25 +1100 (Australia/ACT)
From: Darren Reed <avalon@caligula.anu.edu.au>
To: bms@spc.org (Bruce M Simpson)
Cc: freebsd-security@freebsd.org
Subject: Re: [PATCH] Force mountd(8) to a specified port.
Message-ID: <200403022324.i22NOQ7B015446@caligula.anu.edu.au>
In-Reply-To: <20040302211030.GJ7115@saboteur.dek.spc.org> from "Bruce M Simpson" at Mar 02, 2004 09:10:30 PM

In some mail from Bruce M Simpson, sie said:
> Hi all,
>
> I have a requirement to run NFS read-only in an Internet-facing colocation
> environment. I am not happy with packet filters alone around rpcbind, call
> me paranoid, so I just spent the last few minutes cutting this patch.
>
> As you are aware, RPC applications can be forced to listen on a known port
> through the sin/sa argument to bindresvport[_sa](). Why several Linux
> distributions have this feature yet none of the BSDs do is beyond me...
>
> Please let me know your thoughts. If there are no valid objections I plan
> to commit it.

I'm confused by your first paragraph...the primary purpose of a patch
like this would be, I imagine, to support being able to write filter
rules for your firewall with a specific port defined rather than have
to determine it after rpcbind & mountd have started.

Darren