SunScreen 3.2 Administrator's Overview

rpc Service

SunScreen contains a state engine to handle the RPC protocols. It can safely screen RPC protocols as long as they use the portmapper and do not use dynamic RPC program values.

To define a new RPC service, add a new service entry using both the rpc_udp and pmap_udp state engines. You specify the well-known RPC program of the RPC service you wish to pass. If you specify * for the RPC program, the service entry passes all RPC services, regardless of program.

Several well-known RPC services such as NFS and NIS have been defined to include all the RPC and non-RPC protocols that these systems require.

Some NFS clients use the lock manager. Because the lock manager makes connections in both directions (to NFS server and from NFS server), you may need to use the nlm service when you allow NFS access as shown in the following example:

Service   Source   Destination   Action
nfs       Inside   DMZ           allow
nlm       DMZ      Inside        allow
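The lock-manager requirement above is easy to overlook when a rule table grows. The following is an added example (not SunScreen's own tooling or syntax) that lints a simplified, constructed "service source destination action" listing and reports each nfs allow rule that has no reverse-direction nlm allow rule; the rule text, the "Lab" network and the function names are assumptions for the example.

```python
# Added example: find nfs allow rules that lack the reverse nlm rule the lock
# manager needs. The listing format is a constructed simplification of the
# table above, not SunScreen's configuration syntax.

# Constructed sample rule table: the third rule has no matching nlm rule.
RULES = """\
nfs  Inside  DMZ     allow
nlm  DMZ     Inside  allow
nfs  Inside  Lab     allow
"""


def parse_rules(text):
    """Parse whitespace-separated rule lines into (service, src, dst, action)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"malformed rule: {line!r}")
        service, src, dst, action = fields
        rules.append((service.lower(), src, dst, action.lower()))
    return rules


def missing_nlm_rules(rules):
    """Return the nlm rules that each 'nfs ... allow' rule still needs.

    The lock manager also connects from the NFS server back to the client,
    so an nfs allow rule from A to B needs an nlm allow rule from B to A,
    as in the nfs/nlm pair shown in the table above.
    """
    allowed = {(svc, src, dst) for svc, src, dst, action in rules if action == "allow"}
    missing = []
    for svc, src, dst, action in rules:
        if svc == "nfs" and action == "allow" and ("nlm", dst, src) not in allowed:
            missing.append(("nlm", dst, src, "allow"))
    return missing


if __name__ == "__main__":
    for rule in missing_nlm_rules(parse_rules(RULES)):
        print("missing rule:", " ".join(rule))
```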

Broadcast port mapping (NIS) is not supported for encrypted connections.