Public bug reported:

There is no way to prevent rpcbind from listening on all interfaces for TCP connections. The setting "-h" only applies to UDP connections.

There is a bug and fix from 2007:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=84494

The link to the fix gives a 404 for me, but it probably is in their VCS.

How to reproduce:
1. install rpcbind
2. in /etc/default/rpcbind: OPTIONS="$OPTIONS -h 192.168.255.1"
3. restart rpcbind

root@node1 ~ # netstat -lnp | grep rpcbind
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      8982/rpcbind
tcp6       0      0 :::111                  :::*                    LISTEN      8982/rpcbind
udp        0      0 192.168.255.1:111       0.0.0.0:*                           8982/rpcbind
udp        0      0 127.0.0.1:111           0.0.0.0:*                           8982/rpcbind
udp        0      0 0.0.0.0:677             0.0.0.0:*                           8982/rpcbind
udp6       0      0 ::1:111                 :::*                                8982/rpcbind
udp6       0      0 :::677                  :::*                                8982/rpcbind

The same applies to rpc.statd: even when supplying the

    -n, --name ipaddr | hostname
        Specifies the bind address used for RPC listener sockets.

option, it still listens on all interfaces, while '--outgoing-port' and '--port' work as expected:

/etc/default/nfs-common:
STATDOPTS="--name 192.168.255.1 --port 32765 --outgoing-port 32766"

root@node1 ~ # netstat -lnp | grep rpc.statd
tcp        0      0 0.0.0.0:32765           0.0.0.0:*               LISTEN      8988/rpc.statd
tcp6       0      0 :::32765                :::*                    LISTEN      8988/rpc.statd
udp        0      0 0.0.0.0:32765           0.0.0.0:*                           8988/rpc.statd
udp        0      0 127.0.0.1:684           0.0.0.0:*                           8988/rpc.statd
udp6       0      0 :::32765                :::*                                8988/rpc.statd

** Affects: rpcbind (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/1430181

Title:
  rpcbind/rpc.statd listen on all interfaces
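
A check for the behaviour reported above, as an added example that is not part of the original report: it reads `netstat -lnp` output and prints the protocol and port of every socket a given program has bound to the wildcard address (0.0.0.0 or ::). The function names and the optional port argument are assumptions of this example; the sample lines are copied from the report.

```sh
#!/bin/sh
# Added example (not from the report): list wildcard-bound sockets of a daemon.
# Usage on a live host (as root, so the PID/Program column is filled in):
#   netstat -lnp | wildcard_listeners rpcbind 111

# wildcard_listeners PROGRAM [PORT]
# Reads `netstat -lnp` lines on stdin; prints "<proto> <port>" for each socket
# of PROGRAM bound to 0.0.0.0 or ::, optionally restricted to PORT.
wildcard_listeners() {
    awk -v prog="$1" -v want="${2:-}" '
        $1 ~ /^(tcp|udp)6?$/ {
            # Program name is the last field; UDP rows have no State column.
            n = split($NF, p, "/")
            if (p[n] != prog) next
            addr = $4; sub(/:[0-9]+$/, "", addr)   # strip ":port"
            port = $4; sub(/^.*:/, "", port)       # keep only the port
            if (want != "" && port != want) next
            if (addr == "0.0.0.0" || addr == "::") print $1, port
        }'
}

# Sample input: lines copied from the netstat output in the report.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 8982/rpcbind
tcp6 0 0 :::111 :::* LISTEN 8982/rpcbind
udp 0 0 192.168.255.1:111 0.0.0.0:* 8982/rpcbind
udp 0 0 127.0.0.1:111 0.0.0.0:* 8982/rpcbind
udp 0 0 0.0.0.0:677 0.0.0.0:* 8982/rpcbind
udp6 0 0 ::1:111 :::* 8982/rpcbind
udp6 0 0 :::677 :::* 8982/rpcbind
tcp 0 0 0.0.0.0:32765 0.0.0.0:* LISTEN 8988/rpc.statd
udp 0 0 127.0.0.1:684 0.0.0.0:* 8988/rpc.statd
EOF
}

# With -h 192.168.255.1 configured, port 111 should not appear here at all.
sample_netstat | wildcard_listeners rpcbind 111
```

Any line printed for port 111 means the bind-address option did not restrict that protocol, so the port needs a host firewall rule until the daemon honours the setting.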