RH Taroon Beta Open Ports
Pekka Savola
pekkas at netcore.fi
Mon Aug 25 13:25:45 UTC 2003
On Mon, 25 Aug 2003, Paul Jakma wrote:
> On Mon, 25 Aug 2003, Felipe Alfaro Solana wrote:
>
> > rpc.statd and portmap aren't the exclusive domain of NIS. Both are
> > enabled by default and used by NFS as client or server. I think they
> > could be disabled by default instead of being enabled by default.
>
> sgi_fam is an RPC service and needs portmap and is used, i think, by
> some of the GUI stuff (eg nautilus). portmap needs to be locally
> accessible.
>
> i do think portmap and rpc.statd should be firewalled off by default
> though. redhat-config-nfs or similar could enable portmap access if
> nfs mounts are configured.
.. and maybe even a default /etc/hosts.allow deny for portmap etc. to be
double sure and protect against people turning off the firewall. :-)
Could create a lot of confusion and support reqs though.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the fedora-devel-list
mailing list