6. You have been asked to block network access to an NFS server. You need to block all access except NFS access. Which of the following actions would you take to achieve this?

A: Make sure that xinetd is switched off.
B: Place "ALL: ALL" in /etc/hosts.deny and "NFS: ALL" in /etc/hosts.allow
C: Add IPChains rules to deny all incoming packets except for portmapper
D: Place "ALL: ALL" in /etc/hosts.deny and "port map: ALL" in /etc/hosts.allow
E: Ensure that the nfs-access.o module is configured into the kernel and use the command "nfs-ctlallow <your IP range>" to provide the required access

Explanation: The hosts.allow file is read before the hosts.deny file. This means that you can block access to 'all' in the hosts.deny file, but allow access to specific ports by specific hosts in the hosts.allow file. In this answer, we are blocking all ports to all hosts in the hosts.deny file. However, we are allowing access to the port map service for all hosts in the hosts.allow file. (The port map service is for access to NFS).

Reference: http://www.mandrakeuser.org/docs/connect/cnfs2.html

Incorrect Answers
A: Xinetd must be running.
B: NFS uses the portmapper service. Therefore, you should enter 'port map: ALL' in the hosts.allow file.
C: IPChains is a firewall program. This may work (if you have IPChains running); however, using the hosts.allow and hosts.deny files is much simpler.
E: The module and command in this question don't exist or are incorrectly named.
