I'm trying to lock down my server, which, for historical reasons, *has* to run the various NIS services. No problem, I'll just block the ports that ypfrx, yppasswdd, ypbind, etc. bind to. However, it seems that they choose a different port each time. As I don't want to switch to the 'block everything, only open needed' methodology (too much overhead to keep all my clients working), how do I force the various NIS services to use only certain specified ports? Looking at the man page, some of them take a -p switch, but putting that into the /etc/init.d/nis file in the --exec line 1) doesn't seem to work and 2) would be overwritten by the next upgrade (IIRC, the init scripts are not marked as config files). Any ideas?
Thanks! D.A.Bishop