此内容没有您所选择的语言版本。
2.2.2.2. Protect portmap With iptables
To further restrict access to the
portmap
service, it is a good idea to add iptables rules to the server and restrict access to specific networks.
Below are two example iptables commands. The first allows TCP connections to the port 111 (used by the
portmap
service) from the 192.168.0.0/24 network. The second allows TCP connections to the same port from the localhost. This is necessary for the sgi_fam
service used by Nautilus. All other packets are dropped.
~]#iptables -A INPUT -p tcp -s ! 192.168.0.0/24 --dport 111 -j DROP
~]#iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT
To similarly limit UDP traffic, use the following command:
~]# iptables -A INPUT -p udp -s ! 192.168.0.0/24 --dport 111 -j DROP
Note
Refer to Section 2.8, “Firewalls” for more information about implementing firewalls with iptables commands.