Protect portmap With iptables

The portmap service is a dynamic port assignment daemon for RPC services such as NIS and NFS. It has weak authentication mechanisms and has the ability to assign a wide range of ports for the services it controls. For these reasons, it is difficult to secure.

If you are running RPC services, you should follow some basic rules.

Below are two example iptables commands that allow TCP connections to the portmap service (listening on port 111) from the 192.168.0.0/24 network and from localhost. All other packets are dropped.

# iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT
# iptables -A INPUT -p tcp ! -s 192.168.0.0/24 --dport 111 -j DROP

The localhost ACCEPT rule is listed first on purpose: 127.0.0.1 is outside 192.168.0.0/24, so a DROP rule that matches every source outside that network would discard loopback traffic as well if it came first. (The negation is written "! -s" in current iptables; older releases accepted "-s ! address".)

To similarly limit UDP traffic, use the following command.
# iptables -A INPUT -p udp ! -s 192.168.0.0/24 --dport 111 -j DROP
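The following script is an added example, not part of the original post, that applies the same policy for both TCP and UDP and checks that the rule order is right. It goes slightly beyond the post by adding the loopback ACCEPT for UDP too (the post only gives the UDP DROP). It assumes the LAN is 192.168.0.0/24 as above, that iptables is on PATH (set IPTABLES=echo for a dry run), and that rule listings come from "iptables -S INPUT"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the original post's code). Assumptions: LAN_NET is the
# trusted network from the post, IPTABLES is the binary to call (echo = dry run),
# and portmap listens on port 111 for both tcp and udp.
LAN_NET="${LAN_NET:-192.168.0.0/24}"
IPTABLES="${IPTABLES:-iptables}"

# Append the two rules for one protocol. The loopback ACCEPT goes first:
# 127.0.0.1 is outside LAN_NET, so a preceding "! -s LAN_NET ... -j DROP"
# would silently block local RPC clients.
add_portmap_rules() {
    proto="$1"
    "$IPTABLES" -A INPUT -p "$proto" -s 127.0.0.1 --dport 111 -j ACCEPT
    "$IPTABLES" -A INPUT -p "$proto" ! -s "$LAN_NET" --dport 111 -j DROP
}

# Apply (or, with IPTABLES=echo, print) the rules for both transports.
apply_portmap_rules() {
    for proto in tcp udp; do
        add_portmap_rules "$proto"
    done
}

# Read "iptables -S INPUT" output on stdin and return 0 only if, for the given
# protocol, the loopback ACCEPT on port 111 appears before any DROP on port 111.
# Use it to confirm the ordering pitfall above is not present on a live host:
#   iptables -S INPUT | portmap_order_ok tcp && echo "tcp order ok"
portmap_order_ok() {
    proto="$1"
    awk -v p="$proto" '
        index($0, "-p " p " ") && /--dport 111/ {
            if (/-j ACCEPT/ && /-s 127\.0\.0\.1/) { if (!drop) acc = 1 }
            else if (/-j DROP/ && !acc) drop = 1
        }
        END { exit (acc && !drop) ? 0 : 1 }'
}
```

Source the file and call apply_portmap_rules as root to install the rules; run "iptables -S INPUT | portmap_order_ok udp" afterwards (and again after any later rule changes) to verify that the loopback exception still precedes the DROP.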
