SunScreen contains a state engine to handle the RPC protocols. It can safely screen RPC protocols as long as they use the portmapper and do not use dynamic RPC program values.
To define a new RPC service, add a new service entry using both the rpc_udp and pmap_udp state engines. You specify the well-known RPC program of the RPC service you wish to pass. If you specify * for the RPC program, the service entry passes all RPC services, regardless of program.
Several well-known RPC services, such as NFS and NIS, have been defined to include all the RPC and non-RPC protocols that these systems require.
Some NFS clients use the lock manager. Since a lock manager makes connections in both directions (to the NFS server and from the NFS server), you may need to use the nlm service when you allow NFS access.
| Service | Source | Destination | Action |
|---|---|---|---|
| nfs | Inside | DMZ | allow |
| nlm | DMZ | Inside | allow |
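The following Python model is an added illustration of the mechanism the text describes, not SunScreen's own code: the portmapper lookup (the pmap_udp role) binds an RPC program to a server port, and later RPC calls (the rpc_udp role) pass only on a port learned that way for a program the service entry allows, with `*` passing any program. Program numbers, addresses, ports and the RPC messages are constructed sample values; a call to a port never registered through the portmapper (the dynamic-port case the text warns about) is dropped.

```python
import struct

PMAP_PROG, PMAP_PORT, PMAPPROC_GETPORT = 100000, 111, 3
NFS_PROG, NLM_PROG = 100003, 100021  # well-known program numbers of NFS and the lock manager
AUTH_NULL = bytes(16)                 # credential + verifier, both flavor AUTH_NULL with empty body

def build_call(xid, prog, vers, proc, args=b""):  # constructed RPC v2 CALL: xid, CALL, rpcvers, prog, vers, proc
    return struct.pack(">IIIIII", xid, 0, 2, prog, vers, proc) + AUTH_NULL + args
def build_getport_reply(xid, port):  # constructed REPLY: MSG_ACCEPTED, AUTH_NULL verifier, SUCCESS, port
    return struct.pack(">IIIIIII", xid, 1, 0, 0, 0, 0, port)

def parse_call(data):
    """Return (xid, prog, proc, args) for an RPC v2 CALL, or None; skips both opaque_auth fields."""
    try:
        xid, mtype, rpcvers, prog, proc = struct.unpack(">IIII4xI", data[:24])
        off = 24
        for _ in range(2):  # opaque_auth = flavor, body length, body padded to a 4-byte boundary
            off += 8 + ((struct.unpack(">I", data[off + 4:off + 8])[0] + 3) & ~3)
    except struct.error:  # datagram too short for the header or the credential fields
        return None
    return (xid, prog, proc, data[off:]) if (mtype, rpcvers) == (0, 2) else None

class RpcScreen:
    """Model of pmap_udp + rpc_udp: learn a program's port from the portmapper reply, then admit on that port only calls for a program the service entry allows ("*" = any)."""
    def __init__(self, allowed_programs):
        self.allowed = set(allowed_programs)
        self.pending = {}   # xid -> (server, program) awaiting a GETPORT reply
        self.learned = {}   # (server, port) -> permitted program bound there
    def check(self, src, dst, sport, dport, payload):
        """Return 'allow' or 'drop' for one UDP datagram src:sport -> dst:dport."""
        if sport == PMAP_PORT and len(payload) >= 28:  # reply from the portmapper
            xid, mtype, _, _, _, astat, port = struct.unpack(">IIIIIII", payload[:28])
            entry = self.pending.pop(xid, None)
            if mtype != 1 or entry is None or entry[0] != src:
                return "drop"  # unsolicited reply, or not from the server that was asked
            if astat == 0 and port:
                self.learned[(src, port)] = entry[1]
            return "allow"
        call = parse_call(payload)
        if call is None:
            return "drop"
        xid, prog, proc, args = call
        if dport == PMAP_PORT and prog == PMAP_PROG:  # call to the portmapper itself
            if proc == PMAPPROC_GETPORT and len(args) >= 4:
                wanted = struct.unpack(">I", args[:4])[0]
                if "*" not in self.allowed and wanted not in self.allowed:
                    return "drop"  # the service entry does not pass this program
                self.pending[xid] = (dst, wanted)
            return "allow"
        if self.learned.get((dst, dport)) == prog:  # only bindings for permitted programs are ever learned
            return "allow"
        return "drop"  # no portmapper binding for this port: a dynamic RPC port cannot be passed
```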
Broadcast port mapping (NIS) is not supported for encrypted connections.