5.2. Securing Portmap
The portmap For these reasons, it is difficult to secure.
If you are running RPC services, you should follow some basic rules.
5.2.1. Protect portmap With TCP Wrappers
It is important to use TCP wrappers to limit which networks or hosts have access to the portmap service since it has no built-in form of authentication.
Further, use only
5.2.2. Protect portmap With iptables
To further restrict access to the portmap service, it is a good idea to add iptables rules to the server restricting access to specific networks.
Below is are two example iptables commands that allow TCP connections to the portmapsgi_fam service used by Nautilus). All other packets are dropped.
iptables -A INPUT -p tcp -s! 192.168.0.0/24 --dport 111 -j DROP iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT |
To similarly limit UDP traffic, use the following command.
iptables -A INPUT -p udp -s! 192.168.0.0/24 --dport 111 -j DROP |
 | Tip |
|---|---|
Refer to Chapter 7 Firewalls for more information about implementing firewalls with iptables commands. |
| Главная |