[ale] hosts.deny and portmap

Geoffrey esoteric at 3times25.net
Sun Dec 23 11:08:27 EST 2001


This is a guess, but I'd suspect that if you want the ports not to show
up, you'll need to turn off portmap altogether.

Understand, that before that machine can determine it's going to deny a
particular connection, it needs to get the ip to compare it to the
deny/allow files, therefore the port must be available in order to do
so.  Now, it would make sense to me that if you have 'deny all' set,
that it wouldn't bother but I suspect this is not the case.

If you're not using portmap, remove it, take it out of your services
file.

Jimmie Fulton wrote:
> 
> I was reading throught the nfs-howto about securing portmap.  I have tried:
> portmap: ALL
> and /or
> ALL: ALL
> 
> in hosts.deny; my hosts.allow is blank.  Even still rpcinfo -p from any host
> still lists the available ports.  man portmap says to use hosts.allow and
> hosts.deny for security.
> 
> The nfs-howto also suggests a strings on portmap for hosts.allow and
> hosts.deny to see if it uses them.  Neither of those strings show up.
> 
> This system is a currently updated Debian Woody.  Any ideas on why
> hosts.deny doesn't seem to work for portmap?
> 
> Thanks
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.

--
Until later: Geoffrey		esoteric at 3times25.net

"...the system (Microsoft passport) carries significant risks to users
that
are not made adequately clear in the technical documentation available."
- David P. Kormann and Aviel D. Rubin, AT&T Labs - Research
- http://www.avirubin.com/passport.html

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list