Jason Edgecombe <[email protected]> writes:

> In light of the recent security announcement, I would like to review the
> open firewall ports on my AFS servers.
>
> For quick reference, here are the ports from the afsd man page:
>
> fileserver 7000/udp
> cachemanager 7001/udp
> ptserver 7002/udp
> vlserver 7003/udp
> kaserver 7004/udp (not needed with Kerberos v5)
> volserver 7005/udp
> reserved 7006/udp (for future use)
> bosserver 7007/udp
>
> Which of these ports need to be open inbound for off-site clients to work
> properly?

7000 and 7005 on file servers, 7002 and 7003 on VLDB servers. 7007 only if
you want to allow bos access from off-site.

> Would it hurt anything to block port 7001 inbound on a fileserver or DB
> server running an AFS client?

No. You only need port 7001 open to AFS file servers that you want to talk
to.

-- 
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
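
Added example, not part of the original thread: a small Python audit that applies the reply's port guidance to a host's inbound UDP allow rules and reports what is missing or unnecessarily exposed. The `(port, source)` rule format, the function names and the sample addresses are assumptions made for illustration, and 7004 is treated as unneeded on the assumption that the cell uses Kerberos v5.

```python
# Added example: audits inbound UDP allow rules on an AFS host against the
# port guidance in the thread. Rule format and addresses are constructed.

# Service names from the afsd man page list quoted in the thread.
AFS_PORTS = {
    7000: "fileserver", 7001: "cachemanager", 7002: "ptserver",
    7003: "vlserver", 7004: "kaserver", 7005: "volserver",
    7006: "reserved", 7007: "bosserver",
}

# Ports off-site clients need inbound, per server role (from the reply).
NEEDED_BY_ROLE = {"fileserver": {7000, 7005}, "dbserver": {7002, 7003}}


def expected_open(roles, offsite_bos=False):
    """Ports that should accept traffic from any source for these roles."""
    ports = set()
    for role in roles:
        ports |= NEEDED_BY_ROLE[role]
    if offsite_bos:  # 7007 only when bos access from off-site is wanted
        ports.add(7007)
    return ports


def audit(roles, rules, fileservers=(), offsite_bos=False):
    """Return sorted (port, service, verdict) findings.

    rules: inbound UDP allow rules as (port, source); source is "any" or
    an address (hypothetical format). fileservers: file servers this host's
    own AFS client talks to, the only sources that need to reach 7001.
    """
    want = expected_open(roles, offsite_bos)
    open_any = {port for port, src in rules if src == "any"}
    findings = {(p, AFS_PORTS[p], "missing") for p in want - open_any}
    for port, src in rules:
        if port not in AFS_PORTS or port in want:
            continue  # not an AFS port, or a port this role must expose
        if port == 7001 and src in fileservers:
            continue  # cache manager port open only to a known file server
        findings.add((port, AFS_PORTS[port], "unneeded from " + src))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample: file server + DB server with everything open.
    wide_open = [(p, "any") for p in AFS_PORTS]
    for finding in audit({"fileserver", "dbserver"}, wide_open):
        print(finding)
```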
