mikkel/homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Block portmapper (port 111) from public internet

Browse source 
Fix for CERT-Bund security notification about exposed rpcbind service.
Added iptables rules to drop port 111 on vmbr0 (public interface).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Mikkel Georgsen 2026-01-14 12:54:04 +00:00
parent 6c48c71a4f
commit b335488823
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
homelab-documentation.md
View file

@ -93,6 +93,15 @@ iface vmbr2 inet static
NAT masquerade enabled for 10.5.0.0/24 → vmbr0
### Firewall Rules (INPUT on vmbr0)
| Protocol | Port | Action | Purpose |
|----------|------|--------|---------|
| TCP | 111 | DROP | Block portmapper from internet |
| UDP | 111 | DROP | Block portmapper from internet |
Saved with: `netfilter-persistent save`
### DHCP (dnsmasq)
- Range: 10.5.0.100 - 10.5.0.200
- Lease time: 24h