portmap, bind(), and NIS
mdg at secureworks.net
Wed Jul 30 10:21:45 PDT 2003
I'm running an NIS server that I would very much *not* want to be
accessible on some of its interfaces. portmap can be instructed to bind
to specific addresses using the -h flag, but this seems to break ypbind.
ypbind will attempt to find a server by issuing a broadcast rpc request to
the local network. When portmap is not bound to INADDR_ANY, it will not
reply to these requests.
I'd rather not have to run ypset on clients where this condition exists
with their local NIS servers, and I'd really like to not have portmap
bound on certain interfaces. I could filter it of course, but I was
hoping someone had another option that they were aware of ...
SecureWorks Technical Operations
More information about the freebsd-security