Hello,

Just would like to add for more information, when I start rpcbind normally, not via systemd, the random UDP is still opened.

Could you please share any ideas on this?

Brs,
Bao

On 27 January 2018 at 19:50, Naruto Nguyen <narutonguyen2018@xxxxxxxxx> wrote:
> I would like to ask you a question regarding the new random UDP port
> in rpcbind 0.2.3.
>
> In rpcbind 0.2.3, when I start rpcbind (version 0.2.3) through
> rpcbind.service, then I do netstat
>
> udp        0      0 0.0.0.0:111     0.0.0.0:*       10408/rpcbind
> udp        0      0 0.0.0.0:831     0.0.0.0:*       10408/rpcbind
> udp6       0      0 :::111          :::*            10408/rpcbind
> udp6       0      0 :::831          :::*            10408/rpcbind
>
> The rpcbind does not only listen on port 111 but also on a random udp
> port "831" in this case, this port is changed every time the rpcbind
> service restarts. And it listens on 0.0.0.0 so it opens a hole on
> security. Could you please let me know what this port is for and is
> there any way to avoid that like force it listen on an internal
> interface rather than on any interfaces like that? I do not see the
> random port on rpcbind 0.2.1, not sure why? As the rpcbind is started
> from systemd so "-h" option is invalid as the man page says:
>
>     -h      Specify specific IP addresses to bind to for UDP requests.
>             This option may be specified multiple times and can be used
>             to restrict the interfaces rpcbind will respond to. Note
>             that when rpcbind is controlled via systemd's socket
>             activation, the -h option is ignored. In this case, you
>             need to edit the ListenStream and ListenDgram definitions
>             in /usr/lib/systemd/system/rpcbind.socket instead.
>
> Thanks a lot,
> Brs,
> Naruto
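One way to check a host for the extra rpcbind socket described in this thread, as an added example that is not part of the original messages: it parses `netstat`-style listener output and reports rpcbind sockets bound to a wildcard address on any port other than 111. The function names and the sample text are assumptions; the sample reuses the netstat lines quoted above, with a constructed chronyd line added for contrast.

```python
from typing import List, NamedTuple

RPCBIND_PORT = 111
WILDCARD_HOSTS = {"0.0.0.0", "::"}  # "any interface" for IPv4 and IPv6

# Constructed sample: the four rpcbind lines from the thread (PID column
# rejoined) plus one unrelated loopback listener for contrast.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
udp        0      0 0.0.0.0:111     0.0.0.0:*              10408/rpcbind
udp        0      0 0.0.0.0:831     0.0.0.0:*              10408/rpcbind
udp        0      0 127.0.0.1:323   0.0.0.0:*              812/chronyd
udp6       0      0 :::111          :::*                   10408/rpcbind
udp6       0      0 :::831          :::*                   10408/rpcbind
"""

class Listener(NamedTuple):
    proto: str
    host: str
    port: int
    pid: int
    program: str

def parse_netstat(text: str) -> List[Listener]:
    """Parse socket lines; headers and lines without a PID/program are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith(("udp", "tcp")):
            continue
        # Split on the last colon so IPv6 forms such as ":::831" parse correctly.
        host, _, port = fields[3].rpartition(":")
        pid, _, program = fields[-1].partition("/")
        if port.isdigit() and pid.isdigit() and program:
            listeners.append(Listener(fields[0], host, int(port), int(pid), program))
    return listeners

def unexpected_rpcbind_sockets(text: str, expected=(RPCBIND_PORT,)) -> List[Listener]:
    """Wildcard-bound rpcbind sockets on ports outside the expected set."""
    return [s for s in parse_netstat(text)
            if s.program == "rpcbind"
            and s.host in WILDCARD_HOSTS
            and s.port not in expected]

if __name__ == "__main__":
    for s in unexpected_rpcbind_sockets(SAMPLE):
        print(f"{s.proto} {s.host} port {s.port} (pid {s.pid}) is not port {RPCBIND_PORT}")
```

Because the extra port changes on every restart, the check keys on the program name and bind address rather than on a fixed port number.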