2.2.3.4. Assign Static Ports and Use iptables Rules
All of the servers related to NIS can be assigned specific ports except for rpc.yppasswdd — the daemon that allows users to change their login passwords. Assigning ports to the other two NIS server daemons, rpc.ypxfrd and ypserv, allows for the creation of firewall rules to further protect the NIS server daemons from intruders.
To do this, add the following lines to /etc/sysconfig/network:
YPSERV_ARGS="-p 834"
YPXFRD_ARGS="-p 835"
The following iptables rules can then be used to enforce which network the server listens to for these ports:
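~]# iptables -A INPUT -p tcp ! -s 192.168.0.0/24 --dport 834 -j DROP
~]# iptables -A INPUT -p udp ! -s 192.168.0.0/24 --dport 834 -j DROP
~]# iptables -A INPUT -p tcp ! -s 192.168.0.0/24 --dport 835 -j DROP
~]# iptables -A INPUT -p udp ! -s 192.168.0.0/24 --dport 835 -j DROP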
This means that the server only allows connections to ports 834 and 835 if the requests come from the 192.168.0.0/24 network, regardless of the protocol.
Note
Refer to Section 2.8, “Firewalls” for more information about implementing firewalls with iptables commands.
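To confirm that the daemons actually bound to the configured ports after a restart, the registrations reported by rpcinfo -p can be compared with 834 and 835. The following script is an added example, not part of the original guide; the check_nis_ports and constructed_rpcinfo names and the sample listing are constructed for illustration, and the RPC program numbers are the standard /etc/rpc assignments.

```shell
#!/bin/sh
# Added example: compare `rpcinfo -p` registrations with the static ports
# set through YPSERV_ARGS / YPXFRD_ARGS (834 and 835 on this page).
# RPC program numbers (standard /etc/rpc assignments):
#   100004 ypserv, 600100069 fypxfrd (rpc.ypxfrd), 100009 yppasswdd

check_nis_ports() {
    # Reads `rpcinfo -p` output on stdin. Optional $1/$2 override the
    # expected ypserv / ypxfrd ports. Returns 0 only if ypserv is registered
    # and every ypserv/ypxfrd registration uses the expected port.
    awk -v want_ypserv="${1:-834}" -v want_ypxfrd="${2:-835}" '
        function check(name, want) {
            seen[name] = 1
            if ($4 != want) {
                printf "MISMATCH %s %s port %s (expected %s)\n", name, $3, $4, want
                bad = 1
            }
        }
        $1 == 100004    { check("ypserv", want_ypserv) }
        $1 == 600100069 { check("ypxfrd", want_ypxfrd) }
        # rpc.yppasswdd cannot be pinned, so its port is outside the two rules.
        $1 == 100009    { printf "INFO yppasswdd %s port %s is not pinned; the 834/835 rules do not cover it\n", $3, $4 }
        END {
            if (!seen["ypserv"]) { print "MISSING ypserv registration"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

constructed_rpcinfo() {
    # Constructed sample in `rpcinfo -p` layout; $1 is the ypserv/udp port.
    cat <<EOF
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp   $1  ypserv
    100004    2   tcp    834  ypserv
 600100069    1   udp    835  fypxfrd
 600100069    1   tcp    835  fypxfrd
    100009    1   udp   1011  yppasswdd
EOF
}

# On the NIS server itself: rpcinfo -p | check_nis_ports
# Demo on the constructed listing, where ypserv/udp drifted to port 1013:
constructed_rpcinfo 1013 | check_nis_ports || echo "static ports not in effect"
```

A mismatch means the daemon is listening on a port that the two DROP rules do not filter, so the firewall restriction is not protecting it.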