Re: Suggestion for an altered portmap package
- From: David Kewley <kewley cns caltech edu>
- To: Development discussions related to Fedora Core <fedora-devel-list redhat com>, Troels Arvin <troels arvin dk>
- Cc:
- Subject: Re: Suggestion for an altered portmap package
- Date: Wed, 11 Aug 2004 17:21:49 -0700
Troels Arvin wrote on Wednesday 11 August 2004 16:50:
> On desktop systems, I can't get rid of portmap because fam needs it.
> - And I can't even stop portmap because a well-working fam is nice.
> As I don't use NFS or NIS on my desktop, either, I've long wanted to
> be able to tell portmap to bind to the loopback interface only,
> following a security principle of making daemons listen to the least
> possible interfaces. There doesn't seem to be a way to do that, so
> I've tried creating an altered portmap package. I'm no great c-coder,
> but it seems to work (even though there could be some IPv6 issues?).
portmap uses tcp-wrappers, so you can use /etc/hosts.{allow,deny} to
control which packets you process. Yes, portmap still listens on all
interfaces, but if I understand tcp-wrappers correctly, portmap won't
be asked to process any disallowed packets.
David