> > >Thanks Darren/Casper for your replies. > >your replies have led to demystify lot of things ... > >can you suggest some ways to bind the rpc program > with fixed port on the portmapper which should i > nvolve minimal code changes as there are inherent > dependencies with other system.. > >Regards, > > > The program which registers with the portmapper will > need to bind to > the addresses themselves. You can find sample code > in nfsd, lockd > etc.
And if that program is (the smf-modified) inetd? Yuck. Firewalls and dynamic ports are ugly. If there were a way to trigger some action when a port was (de)registered with rpcbind, that might help; whether that action was to add an ipf rule, or to communicate the (de)registration to a separate firewall (although I don't know if there's any standard approach to the latter). IMO, ideally, one could create plugins for rpcbind that could have register() and deregister() entry points, the former of which to be called _before_ registering (so it could return nz to deny) and the latter after deregistering (it might as well return void since there's no point denying that, esp. after the fact). Alternatively, if one could give either inetd (for when it (de)registers rpc services) or standalone server processes a "suggestion" as to which port(s) they should prefer, that might help a little. This message posted from opensolaris.org _______________________________________________ opensolaris-discuss mailing list [email protected]
