While commenting out the portmap references in /etc/init.d/netbase (Slink) to close the SunRPC port, I noticed that the spoofprotect() rules to "deny incoming packets pretending to be from our own system" were commented out.
1) why is this -- because they require an IP address, don't work, or the ipmasq rules (which I'm using) supercede them? In other words, should I add my WAN/Internet IP and uncomment the rules? (configuration is: eth0 connects to Internet, eth1 connects to private LAN, with ipmasq in between) 2) do any services other than RPC need portmap? Thanks for any help! Tod abl.com
