Hello,
I tried to block incoming port 111. It's not possible to disable the rpcbind service, because we use NFS as internal storage.
The cluster is set up with 3 nodes.
Code:
root@host1:~# iptables -L -v -n
Chain INPUT (policy ACCEPT 30M packets, 45G bytes)
pkts bytes target prot opt in out source destination
1087 57653 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:11211
505 20576 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:11211
310 23937 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5353
18154 1525K ACCEPT udp -- * * 172.16.0.0/16 0.0.0.0/0 udp dpt:111
0 0 ACCEPT udp -- * * 127.0.0.1 0.0.0.0/0 udp dpt:111
307K 21M DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 24M packets, 111G bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
root@host2:~# iptables -L -v -n
Chain INPUT (policy ACCEPT 90M packets, 138G bytes)
pkts bytes target prot opt in out source destination
18147 1524K ACCEPT udp -- * * 172.16.0.0/16 0.0.0.0/0 udp dpt:111
0 0 ACCEPT udp -- * * 127.0.0.1 0.0.0.0/0 udp dpt:111
316K 21M DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 60M packets, 233G bytes)
pkts bytes target prot opt in out source destination
root@host3:~# iptables -L -v -n
Chain INPUT (policy ACCEPT 95M packets, 188G bytes)
pkts bytes target prot opt in out source destination
18156 1525K ACCEPT udp -- * * 172.16.0.0/16 0.0.0.0/0 udp dpt:111
0 0 ACCEPT udp -- * * 127.0.0.1 0.0.0.0/0 udp dpt:111
349K 24M DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 78M packets, 194G bytes)
pkts bytes target prot opt in out source destination
But port 111 is still open from the internet. Is there another way to close this port?
Thank you in advance.
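
Added example (not part of the original post): a shell check over an `iptables -L -v -n` listing that reports which of tcp/udp has no catch-all DROP or REJECT rule for a port in the INPUT chain. The embedded listing is an abridged copy of the host1 output above; the function names are hypothetical, and the INPUT policy is assumed to be ACCEPT as shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes the INPUT policy is ACCEPT, as in the listings in the post.

# uncovered_protos PORT  (reads `iptables -L -v -n` output on stdin)
# Prints the protocols (tcp, udp) for which the INPUT chain has no rule that
# drops or rejects PORT from any source (0.0.0.0/0) on any interface (*).
uncovered_protos() {
    awk -v port="$1" '
        $1 == "Chain" { chain = $2; next }
        # Columns: pkts bytes target prot opt in out source destination match
        chain == "INPUT" && ($3 == "DROP" || $3 == "REJECT") &&
        $6 == "*" && $8 == "0.0.0.0/0" && $NF == ("dpt:" port) {
            covered[$4] = 1
        }
        END {
            n = split("tcp udp", protos, " ")
            for (i = 1; i <= n; i++)
                if (!(protos[i] in covered)) {
                    missing = missing sep protos[i]
                    sep = " "
                }
            print missing
        }'
}

# Constructed sample: abridged host1 listing from the post.
sample_host1() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 30M packets, 45G bytes)
 pkts bytes target prot opt in out source destination
 1087 57653 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:11211
  505 20576 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:11211
18154 1525K ACCEPT udp -- * * 172.16.0.0/16 0.0.0.0/0 udp dpt:111
    0     0 ACCEPT udp -- * * 127.0.0.1 0.0.0.0/0 udp dpt:111
 307K   21M DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
Chain OUTPUT (policy ACCEPT 24M packets, 111G bytes)
 pkts bytes target prot opt in out source destination
    0     0 DROP tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
EOF
}

# The OUTPUT-chain tcp rule does not filter inbound traffic, so tcp stays listed.
echo "INPUT has no catch-all DROP for port 111 over: $(sample_host1 | uncovered_protos 111)"
```

On a live host, pipe `iptables -L -v -n` into `uncovered_protos 111`. rpcbind listens on port 111 over both TCP and UDP, so each protocol needs its own matching INPUT rule.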