Weblog

All | China | Cricket | General | IPFilter | OpenSolaris | Solaris IPFilter | USA vs.... | Zones
« How to synchronise... | Main | Software is only... »
20050312 Saturday March 12, 2005

SunRPC proxy for IPFilter So yet another email from an IPFilter user who wants to be able to easily use Sun's RPC mechanism with IPFilter. Maybe I need to sell this more to my manager so that he understands why it is so useful and worthwhile? Maybe Sun is waiting for someone in the open source community to "do it"? Problem is, it is more often the business customer who has a need for this to work, not people running IPFilter at home. Not the average kind of programmer who toils away on open source stuff in his free time. ( Mar 12 2005, 12:15:15 AM PST ) Permalink Comments [4]

Trackback URL: http://blogs.sun.com/avalon/entry/sunrpc_proxy_for_ipfilter
Comments:

Hi Could you send more details about "SunRPC proxy for IPFilter" I want to realy do with Solaris OS, In depth Sun also provide this type of solution with Solaris 10 OS. So please send it more details where I compair with Solaris OS.

Posted by Mohammed Tanvir on March 12, 2005 at 01:23 AM PST #

The IPFilter code comes with all that is needed to allow/block RPC ports. The only thing needed is a bit of modification to the startup script, ipfboot. I do things a bit differently and have my ipf.conf file split into multiple files, in order to have a greater percentage of standardization across servers. I also make heavy use of the "quick" keyword to change the default order from last-match to first-match. Below is an example RPC rule. email me if you want to know how it works.

pass in quick proto tcp/udp from any to any service = ypserv keep state
pass in quick proto udp from any to any service = yppasswdd keep state

Posted by John Bailey on July 28, 2005 at 01:26 PM PDT #

Which version of IPFilter supports the ruleset you are speaking of? I have attempted to add: pass in quick proto udp from any to any service = mountd pass in quick proto tcp from any to any service = mountd and it DOES NOT work. If fails with the message: syntax error error at "<unknown>" This is on Solaris 10 with the packaged IPFilter(4.0.2).

Posted by Justin Ewing on August 24, 2005 at 01:32 PM PDT #

[Trackback] How do you allow access to rpc services through ipf? Searching found a number of people with the same questions and no good answers Darren Reed: SunRPC proxy , OpenSolaris Forums in which Darren states "There is a proxy, of sorts, in the ...

Posted by YakShaving on March 17, 2006 at 04:29 PM PST #

Post a Comment:

Name:
E-Mail:
URL:

Your Comment:

HTML Syntax: NOT allowed

Calendar

« December 2009
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today

RSS Feeds

XML
All
/China
/Cricket
/General
/IPFilter
/OpenSolaris
/Solaris IPFilter
/USA vs....
/Zones

Search

Links

Navigation

Referers

Today's Page Hits: 18