
Resolved firewall block port 111 rpcbind

TomBoB

Silver Pleskian
Hi,

Would like to block port 111 for incoming external communication. As that needs to be on a production machine, there is no room for error. Running CentOS7 with the latest Plesk.
Have researched it but the normal Plesk firewall seems not to be capable of doing advanced setups. Using CLI, I ran into this and this article which to me are contradictory.
Another article I read through is this one.

Principally we'd like to reject packets by sending back a tcp-reset.

Anyone who can help?

Cheers, Tom
 
Before the iptables rule on the server, I see:

Code:
[root@ppu17-8 ~]# lsof -i udp:111
COMMAND   PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
rpcbind 20530  rpc    6u  IPv4 1315533731      0t0  UDP *:sunrpc
rpcbind 20530  rpc    9u  IPv6 1315533734      0t0  UDP *:sunrpc

Code:
[root@ppu12-5 ~]# telnet 10.58.108.108 111
Trying 10.58.108.108...
Connected to 10.58.108.108.
Escape character is '^]'.

Then I enabled the following iptables rule on the server:

Code:
[root@ppu17-8 ~]# iptables -A INPUT -p tcp -m tcp --dport 111 -j REJECT --reject-with tcp-reset

and I see no connection from outside:

Code:
[root@ppu12-5 ~]# telnet 10.58.108.108 111
Trying 10.58.108.108...
telnet: connect to address 10.58.108.108: Connection refused

I hope it will help.
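
The lsof output above shows rpcbind listening on UDP over both IPv4 and IPv6, while the rule shown matches TCP over IPv4 only. The following is an added example, not part of either post: it prints (without applying) a REJECT rule per protocol and address family, and checks an `iptables -S INPUT` listing for protocols left uncovered. The function names, the sample listing and the loopback exemption are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints rules; applies nothing.
PORT=111

# Constructed sample: the rule from the reply above as `iptables -S INPUT` lists it.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 111 -j REJECT --reject-with tcp-reset'

# Print one REJECT rule per address family and protocol.
# Assumption: loopback stays open ("! -i lo") so local RPC clients keep working.
rpcbind_reject_rules() {
    for cmd in iptables ip6tables; do
        for proto in tcp udp; do
            if [ "$proto" = tcp ]; then
                reject=tcp-reset                  # only valid for TCP
            elif [ "$cmd" = iptables ]; then
                reject=icmp-port-unreachable      # UDP over IPv4
            else
                reject=icmp6-port-unreachable     # UDP over IPv6
            fi
            echo "$cmd -A INPUT ! -i lo -p $proto -m $proto --dport $PORT -j REJECT --reject-with $reject"
        done
    done
}

# Read `iptables -S INPUT` (or `ip6tables -S INPUT`) output on stdin and print
# the protocols that have no REJECT or DROP rule for the port.
uncovered_protocols() {
    rules=$(cat)
    missing=""
    for proto in tcp udp; do
        if ! printf '%s\n' "$rules" |
            grep -Eq -e "^-A INPUT .*-p $proto .*--dport $PORT .*-j (REJECT|DROP)"; then
            missing="$missing $proto"
        fi
    done
    echo "${missing# }"
}

echo "Not covered by the sample rule set: $(printf '%s\n' "$SAMPLE_RULES" | uncovered_protocols)"
echo "Rules to review before applying:"
rpcbind_reject_rules
```

Because `-A` appends, an earlier ACCEPT rule for the port in the INPUT chain would still match first, so check the order with `iptables -S INPUT` after applying. IPv6 rules live in a separate table, so run the same check against `ip6tables -S INPUT`.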
 