disable rpcbind

rpcbind is required for NFSv2 and v3. It seems this gets installed
by nfs-common. It was never used by us since the firewall blocks
port 111 anyways.

NFSv3 needs 2049 for NFS, 111 for portmap, 635 for mountd, 4045 for NLM, 4046 for NSM, 4049 for rquota ...

NFSv4 works better because there's just a single target port, plus the "heartbeat" of lease renewal would keep the TCP/IP session alive.

https://serverfault.com/questions/949127/nfs-client-firewall-settings-and-rpcbind
https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s2-nfs-methodology-portmap.html#s2-nfs-methodology-portmap
https://community.netapp.com/t5/Tech-ONTAP-Blogs/NFSv3-and-NFSv4-What-s-the-difference/ba-p/441316
Girish Ramakrishnan
2024-06-27 14:34:37 +02:00
parent a8059c49e9
commit 082e659c7b
3 changed files with 11 additions and 0 deletions


@@ -199,6 +199,10 @@ systemctl disable postfix || true
# on vultr, ufw is enabled by default. we have our own firewall
ufw disable || true
# nfs-common depends on rpcbind which is only needed for NFS v2/v3 . systemctl list-sockets | grep 111
systemctl disable rpcbind.socket rpcbind.service || true
systemctl stop rpcbind.socket rpcbind.service || true
# Ubuntu 22 has private home directories by default (https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/)
sed -e 's/^HOME_MODE\([[:space:]]\+\).*$/HOME_MODE\10755/' -i /etc/login.defs
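
Review bot: The two added `systemctl` lines disable and stop `rpcbind.socket` and `rpcbind.service` but do not mask them, so the units can still be started manually or pulled in as a dependency of another unit. If the intent is that nothing on the host ever listens on port 111, consider adding `systemctl mask rpcbind.socket rpcbind.service || true` after the stop, once it is confirmed that the NFSv4 mounts this setup relies on still work with the units masked. The `|| true` on the stop line also hides a failure that would leave the socket listening, so a follow-up check that fails loudly may be worth it. Finally, the `systemctl list-sockets | grep 111` at the end of the comment would read better on its own comment line that says it is the command to verify the result.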