
Resolved firewall block port 111 rpcbind

TomBoB

Regular Pleskian
Hi,

would like to block port 111 for incoming external communication. As that needs to be on a production machine, there is no room for error. Running CentOS7 with latest Plesk.
Have researched it but the normal Plesk firewall seems not to be capable of doing advanced setups. Using CLI, I ran into this and this article which to me are contradictory.
Another article I read through is this one.

Principally we'd like to reject packets by sending back a tcp-reset.

Anyone who can help?

Cheers, Tom
 
Before the iptables rule, on the server I see:

Code:
[root@ppu17-8 ~]# lsof -i udp:111
COMMAND   PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
rpcbind 20530  rpc    6u  IPv4 1315533731      0t0  UDP *:sunrpc
rpcbind 20530  rpc    9u  IPv6 1315533734      0t0  UDP *:sunrpc

Code:
[root@ppu12-5 ~]# telnet 10.58.108.108 111
Trying 10.58.108.108...
Connected to 10.58.108.108.
Escape character is '^]'.

Then I enabled the following iptables rule on the server:

Code:
[root@ppu17-8 ~]# iptables -A INPUT -p tcp -m tcp --dport 111 -j REJECT --reject-with tcp-reset

and I see no connection from outside:

Code:
[root@ppu12-5 ~]# telnet 10.58.108.108 111
Trying 10.58.108.108...
telnet: connect to address 10.58.108.108: Connection refused

I hope it will help.
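
The lsof output above lists rpcbind on UDP over both IPv4 and IPv6, while the rule shown matches TCP in iptables (IPv4). The following added example is not part of the thread: it reads `iptables -S INPUT` or `ip6tables -S INPUT` output and prints the port 111 rules that are still missing, without changing anything. The function names, the sample ruleset and the choice of `-I INPUT` (insert at the top of the chain) are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): audit INPUT rules for port 111.
# It only prints suggested commands; it never modifies the firewall.

# stdin: rules in `iptables -S` format. stdout: protocols whose first
# unrestricted --dport 111 rule is REJECT or DROP, space separated.
# Simplification: rules with -s and rules without --dport are ignored,
# so broad ACCEPT rules earlier in the chain still need a manual look.
blocked_protos() {
  awk '
    $1 != "-A" || $2 != "INPUT" { next }
    {
      proto = ""; port = ""; target = ""; src = 0
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") port = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
        else if ($i == "-s") src = 1
      }
      if (port != "111" || proto == "" || src || (proto in seen)) next
      seen[proto] = 1          # first matching rule decides
      if (target == "REJECT" || target == "DROP") print proto
    }' | sort | xargs
}

# $1: iptables or ip6tables. stdin: that tool's `-S INPUT` output.
# stdout: one command per protocol not yet blocked on port 111.
suggest_rules() {
  local tool=$1 have proto
  have=" $(blocked_protos) "
  for proto in tcp udp; do
    case $have in *" $proto "*) continue ;; esac
    if [ "$proto" = tcp ]; then
      # tcp-reset is only valid together with -p tcp
      echo "$tool -I INPUT -p tcp -m tcp --dport 111 -j REJECT --reject-with tcp-reset"
    else
      # UDP has no reset; plain REJECT answers with ICMP port unreachable
      echo "$tool -I INPUT -p udp -m udp --dport 111 -j REJECT"
    fi
  done
}

# Constructed sample: a ruleset holding only the TCP rule from the answer.
SAMPLE_V4='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 111 -j REJECT --reject-with tcp-reset'

# Live use (as root): iptables -S INPUT | suggest_rules iptables
printf '%s\n' "$SAMPLE_V4" | suggest_rules iptables
```

Run it once per address family, piping `ip6tables -S INPUT` into `suggest_rules ip6tables` for IPv6. Rules added with `iptables` on the command line do not survive a reboot unless they are saved by whatever mechanism the server uses to persist its firewall.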
 