Show Table of Contents
22.214.171.124. Assign Static Ports and Use iptables Rules
All of the servers related to NIS can be assigned specific ports except for
rpc.yppasswdd— the daemon that allows users to change their login passwords. Assigning ports to the other two NIS server daemons,
ypserv, allows for the creation of firewall rules to further protect the NIS server daemons from intruders.
To do this, add the following lines to
YPSERV_ARGS="-p 834" YPXFRD_ARGS="-p 835"
The following iptables rules can then be used to enforce which network the server listens to for these ports:
iptables -A INPUT -p ALL -s ! 192.168.0.0/24 --dport 834 -j DROP~]#
iptables -A INPUT -p ALL -s ! 192.168.0.0/24 --dport 835 -j DROP
This means that the server only allows connections to ports 834 and 835 if the requests come from the 192.168.0.0/24 network, regardless of the protocol.
Refer to Section 2.8, “Firewalls” for more information about implementing firewalls with iptables commands.