SunScreen EFS Release 3.0 Reference Manual

rpc Service

SunScreen EFS 3.0 contains a state engine to handle the RPC protocols. The state engine can safely screen RPC protocols, as long as they use the portmapper and do not use dynamic RPC program values.

To define a new RPC service, add a new service entry using both the rpc_udp and pmap_udp state engines. You specify the well-known RPC program of the RPC service you wish to pass. If you specify "*" for the RPC program, the service entry passes all RPC services, regardless of program.
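The following Python example is added here for illustration; it is not SunScreen code and does not come from this manual. It models the general technique a portmapper-aware filter relies on: watch the portmapper GETPORT exchange, check the requested RPC program against the rule (a set of program numbers, or "*"), and pass traffic only to the port the portmapper returns. It assumes the standard ONC RPC and portmapper version 2 wire layout over UDP; the names PmapTracker, getport_call and getport_reply and the sample messages are hypothetical and constructed.

```python
import struct

PMAP_PROG, PMAPPROC_GETPORT, IPPROTO_UDP, CALL, REPLY = 100000, 3, 17, 0, 1

def _skip_auth(buf, off):  # step over opaque_auth: flavor, length, padded body
    _flavor, length = struct.unpack_from(">II", buf, off)
    return off + 8 + ((length + 3) & ~3)

class PmapTracker:
    """Hypothetical portmapper-aware filter state; not SunScreen's code."""
    def __init__(self, allowed_programs):
        self.allowed = set(allowed_programs)  # program numbers, or {"*"} for all
        self.pending = {}                     # xid -> program being looked up
        self.pinholes = set()                 # (server_ip, udp_port) to pass

    def on_call(self, buf):
        """Return True if this GETPORT lookup is for a permitted program."""
        try:
            xid, mtype, rpcvers, prog, _v, proc = struct.unpack_from(">6I", buf, 0)
            if (mtype, rpcvers, prog, proc) != (CALL, 2, PMAP_PROG, PMAPPROC_GETPORT):
                return False
            off = _skip_auth(buf, _skip_auth(buf, 24))       # credential, verifier
            want, _vers, prot, _port = struct.unpack_from(">4I", buf, off)
        except struct.error:
            return False                                     # malformed: drop
        if prot != IPPROTO_UDP or not ({"*", want} & self.allowed):
            return False
        self.pending[xid] = want
        return True

    def on_reply(self, server_ip, buf):
        """Open a pinhole for the port the portmapper returned, if any."""
        try:
            xid, mtype, reply_stat = struct.unpack_from(">3I", buf, 0)
            accept_stat, port = struct.unpack_from(">II", buf, _skip_auth(buf, 12))
        except struct.error:
            return None
        prog = self.pending.pop(xid, None) if mtype == REPLY else None
        if prog is None or reply_stat != 0 or accept_stat != 0 or port == 0:
            return None                       # port 0 means "not registered"
        self.pinholes.add((server_ip, port))
        return port

# Constructed sample messages (AUTH_NONE credential and verifier).
def getport_call(xid, prog, vers=1, prot=IPPROTO_UDP):
    return struct.pack(">14I", xid, CALL, 2, PMAP_PROG, 2, PMAPPROC_GETPORT,
                       0, 0, 0, 0, prog, vers, prot, 0)
def getport_reply(xid, port):
    return struct.pack(">7I", xid, REPLY, 0, 0, 0, 0, port)
```

A service that picks its port without registering it with the portmapper never produces a GETPORT reply, so a filter of this kind has nothing to learn the port from.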

Several well-known RPC services, such as NFS and NIS, have been defined to include all the RPC and non-RPC protocols that these systems require.

Some NFS clients use the lock manager. Because a lock manager makes connections in both directions (to the NFS server and from the NFS server), you may need to use the nlm service when you allow NFS access.


Service    Source    Destination    Action
nfs        Inside    DMZ            allow
nlm        DMZ       Inside         allow

Broadcast port mapping (NIS) is not supported for encrypted connections.