<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
if you have the mentionned file
(/usr/lib/systemd/system/rpcbind.socket) then systemd will open
whatever port is described in there and pass it pre-opened to
rpcbind.<br>
<br>
systemd has no idea what that port is for and the file mentionned
above was provided to systemd by the rpcbind package. You should
really ask the rpcbind people what it is for, systemd is just the
messenger here...<br>
<br>
<div class="moz-cite-prefix">On 26/01/2018 03:48, Bao Nguyen wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAOMLVFLROOY+yXj3Ue7h5hxe0mCTJbg8Ku+Xm7cLoTBLuc0fyA@mail.gmail.com">
<pre wrap="">Hello evryone,
I would like to ask you a question regarding the new random UDP port in
rpcbind 0.2.3.
In rpcbind 0.2.3, when I start rpcbind (version 0.2.3) through
rpcbind.service, then I do netstat
udp 0 0 0.0.0.0:111 0.0.0.0:*
10408/rpcbind
udp 0 0 0.0.0.0:831 0.0.0.0:*
10408/rpcbind
udp6 0 0 :::111 :::*
10408/rpcbind
udp6 0 0 :::831 :::*
10408/rpcbind
The rpcbind does not only listen on port 111 but also on a random udp port
"831" in this case, this port is changed every time the rpcbind service
retstarts. And it listens on 0.0.0.0 so it opens a hole on security.
I have looked into the change of rpcbind 0.2.3 and found the change "
rpcbind: add support for systemd socket activation", it calls a
function sd_listen_fds, I do not know much about systemd socket activation
programming, does the "831" port is generated from rpcbind to communicate
with systemd socket activation?
Could you please let me know what this port is for and is there any way to
avoid that like force it listen on a internal interface rather than on any
interfaces like that? As the rpcbind is started from systemd so "-h" option
is invalid as the man page says:
-h Specify specific IP addresses to bind to for UDP requests. This
option may be specified multiple times and can be used to restrict the
interfaces rpcbind will respond to. Note that when rpcbind is controlled
via sys-
temd's socket activation, the -h option is ignored. In this
case, you need to edit the ListenStream and ListenDgram definitions in
/usr/lib/systemd/system/rpcbind.socket instead.
Thanks a lot,
Brs,
Bao
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
systemd-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:systemd-devel@lists.freedesktop.org">systemd-devel@lists.freedesktop.org</a>
<a class="moz-txt-link-freetext" href="https://lists.freedesktop.org/mailman/listinfo/systemd-devel">https://lists.freedesktop.org/mailman/listinfo/systemd-devel</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<div>
<link href="https://fonts.googleapis.com/css?family=Raleway"
rel="stylesheet" type="text/css">
<font face="Raleway, regular">
<table style="padding:20px;margin-bottom:-10px" border="0">
<tbody>
<tr>
<td style="font-size:13px; color:#ff8054; text-align:
center; padding-right:30px"> <a
href="http://www.smile.eu/"> <img
style="max-width:100%; height:auto"
src="http://ftp.smile.fr/client/Communication/signature/img/Logo-new.png"
alt="SMILE"> </a><br>
<br>
<p style="line-heigth:8px">20 rue des Jardins<br>
92600 Asnières-sur-Seine</p>
</td>
<td style="border-left: 1px solid #3b7ffe;
padding-left:20px; font-size:13px; color:#ff8054;">
<div style="color:#ff8054; font-size:14px;"> <b>Jérémy
ROSEN</b> </div>
<div style="color:#3b7ffe; font-size:13px;">
Architecte technique<br>
Responsable de l'expertise Smile-ECS </div>
<br>
<div style="color:#3b7ffe; font-size:13px;"> <span
style="white-space: nowrap"><img
style="margin-right:5px"
src="http://ftp.smile.fr/client/Communication/signature/img/mail.png"
alt="email" width="12" height="10"> <a
href="mailto:jeremy.rosen@smile.fr"
style="color:#3b7ffe; font-size:13px;
text-decoration:none;">jeremy.rosen@smile.fr</a>
</span> <br>
<span style="white-space: nowrap"><img
style="margin-right:5px"
src="http://ftp.smile.fr/client/Communication/signature/img/phone.png"
alt="phone" width="10" height="10"></span>
+33141402967 <br>
<span style="white-space: nowrap"><img
style="margin-right:5px"
src="http://ftp.smile.fr/client/Communication/signature/img/web.png"
alt="url" width="12" height="12">
<a href="http://www.smile.eu"
style="color:#3b7ffe; font-size:13px;
text-decoration:none;">http://www.smile.eu</a> </span>
</div>
<br>
<div> <span><a style="margin-right:5px"
href="https://twitter.com/GroupeSmile"><img
src="http://ftp.smile.fr/client/Communication/signature/img/rs-twitter.png"
alt="Twitter" style="max-width:100%;
height:auto"></a></span> <span><a
style="margin-right:5px"
href="https://www.facebook.com/smileopensource"><img
src="http://ftp.smile.fr/client/Communication/signature/img/rs-facebook.png"
alt="Facebook" style="max-width:100%;
height:auto"></a></span> <span><a
style="margin-right:5px"
href="https://www.linkedin.com/company/smile"><img
src="http://ftp.smile.fr/client/Communication/signature/img/rs-linkedin.png"
alt="LinkedIn" style="max-width:100%;
height:auto"></a></span> <span><a
style="margin-right:5px"
href="https://github.com/Smile-SA"><img
src="http://ftp.smile.fr/client/Communication/signature/img/rs-github.png"
alt="Github" style="max-width:100%;
height:auto"></a></span> </div>
</td>
</tr>
</tbody>
</table>
<br>
<div> <a
href="http://smile.eu/?utm_source=signature&utm_medium=email&utm_campaign=signature"><img
src="http://signature.smile.eu/assets/img/bandeau_mail_smile2017.gif.gif"
alt="Découvrez l’univers Smile, rendez-vous sur
smile.eu" border="0"></a></div>
<br>
<div style="color:#a3acb5; font-size:10px;"> <img
src="http://ftp.smile.fr/client/Communication/signature/img/eco.png"
alt="eco" width="13" height="11"> Pour la planète,
n'imprimez ce mail que si c'est nécessaire </div>
</font>
</div>
</div>
</body>
</html>