Language: Bash
Posted by: Shelane French
Added: Jan 24, 2020 9:37 PM
Modified: Jan 24, 2020 9:38 PM
Views: 4233
Tags: no tags
#1) Back up the /etc/pf.conf file (replace DATE with the current date)
$ sudo cp /etc/pf.conf /etc/pf.conf.DATE

#2) Add the following custom rules to the /etc/pf.conf file.
#firewall rules to secure rpcbind and keep it local to the host
block return in proto tcp from any to any port 111
block return in proto udp from any to any port 111
pass in inet proto tcp from 192.168.64.0/24 to any port 111 no state
pass in inet proto tcp from 127.0.0.1 to any port 111 no state
pass in inet proto udp from 192.168.64.0/24 to any port 111 no state
pass in inet proto udp from 127.0.0.1 to any port 111 no state

#3) Load the custom rules. The pf.conf is loaded automatically on a reboot.
$ sudo pfctl -f /etc/pf.conf

#4) Enable the packet filter firewall. After every reboot, this packet filter firewall needs to be re-enabled by running the following command.
$ sudo pfctl -E

#Now port 111 should no longer be available to the network but should be available to localhost and the 192.168.64.0/24 internal network.
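
The four steps above as one script, added here as an example and not part of the original snippet: it takes a timestamped backup, appends the rules only once, checks the edited file with pfctl -n before loading it, and restores the backup if the check fails. PF_CONF, PFCTL, MARKER and the function names are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example: apply the rpcbind rules above with a syntax check and rollback.
# PF_CONF, PFCTL and MARKER are names introduced here (assumptions).
PF_CONF="${PF_CONF:-/etc/pf.conf}"
PFCTL="${PFCTL:-pfctl}"
MARKER="# rpcbind local-only rules (marker added by this example)"

# The rules from step 2, unchanged. pf applies the last matching rule,
# so the block lines must come before the pass lines.
rpcbind_rules() {
    cat <<'EOF'
block return in proto tcp from any to any port 111
block return in proto udp from any to any port 111
pass in inet proto tcp from 192.168.64.0/24 to any port 111 no state
pass in inet proto tcp from 127.0.0.1 to any port 111 no state
pass in inet proto udp from 192.168.64.0/24 to any port 111 no state
pass in inet proto udp from 127.0.0.1 to any port 111 no state
EOF
}

# Append the rules once. Returns 1 (and changes nothing) if the marker is present.
add_rules() {
    grep -qF "$MARKER" "$PF_CONF" && return 1
    { printf '%s\n' "$MARKER"; rpcbind_rules; } >> "$PF_CONF"
}

# Back up, append, validate, load, enable. Returns 2 and restores the backup
# if pfctl rejects the edited file.
apply_rules() {
    backup="$PF_CONF.$(date +%Y%m%d%H%M%S)"
    cp -p "$PF_CONF" "$backup" || return 1
    add_rules || echo "rules already present in $PF_CONF"
    if ! "$PFCTL" -n -f "$PF_CONF"; then      # -n: parse only, do not load
        cp -p "$backup" "$PF_CONF"
        echo "syntax check failed, restored $backup" >&2
        return 2
    fi
    "$PFCTL" -f "$PF_CONF" && "$PFCTL" -E     # load (step 3), then enable (step 4)
}

# Run as root with the argument "apply" to perform the change.
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

After it runs, sudo pfctl -s rules lists the loaded rules, so the six port 111 lines can be confirmed in the active ruleset.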