Protect portmap With iptables

Protect portmap With iptables

The portmap service is a dynamic port assignment daemon for RPC services such as NIS and NFS. It has weak authentication mechanisms and has the ability to assign a wide range of ports for the services it controls. For these reasons, it is difficult to secure.

Securing portmap only affects NFSv2 and NFSv3 implementations, since NFSv4 no longer requires it. If you plan to implement an NFSv2 or NFSv3 server, then portmap is required, and the following section applies.

Below are two example iptables commands. The first allows TCP connections to the port 111 (used by the portmap service) from the 192.168.0.0/24 network. The second allows TCP connections to the same port from the localhost.

Example:

iptables -A INPUT -p tcp -s! 192.168.0.0/24 –dport 111 -j DROP
iptables -A INPUT -p tcp -s 127.0.0.1 –dport 111 -j ACCEPT

To similarly limit UDP traffic, use the following command.

iptables -A INPUT -p udp -s! 192.168.0.0/24 –dport 111 -j DROP

Tags: iptables, portmap

Trackback URI | Comments RSS

You must be logged in to post a comment.

ServerBuddies Support Blog

Linux Support Blog

Protect portmap With iptables

Leave a Reply

E-mail Updates

Archives

Categories

Links