On Wed, 2006-01-04 at 15:44 -0500, Vivek Khera wrote: > On Jan 4, 2006, at 2:41 PM, Doug Barton wrote: > > > What does 'sockstat | grep rpcbind' tell you? > > # sockstat | grep rpcbind > root rpcbind 11382 5 stream /var/run/rpcbind.sock > root rpcbind 11382 6 dgram -> /var/run/logpriv > root rpcbind 11382 7 udp4 127.0.0.1:111 *:* > root rpcbind 11382 8 udp4 192.168.100.200:111 *:* > root rpcbind 11382 9 udp4 *:664 *:* > root rpcbind 11382 10 tcp4 *:111 *:* > > As Dmitry Morozovsky points out, it seems it always listens to tcp *: > 111 which seems to be a bad thing. I'm running 6.0-RELEASE-p1. > > This came up because of some security scans we're having run for some > compliance certificates we need... > > Can anyone explain why rpcbind will still bind to all tcp interfaces?
Although I believe this is a bug, it is actually working as documented: from rpcbind(8): -h bindip Specify specific IP addresses to bind to for UDP requests. Gavin _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"