[OpenAFS] Which inbound ports need to be open for AFS servers?
Mon, 06 Apr 2009 18:34:33 -0700
Jason Edgecombe <email@example.com> writes:
> In light of the recent security announcement, I would like to review the
> open firewall ports on my AFS servers.
> For quick reference, here are the ports from the afsd man page:
> fileserver 7000/udp
> cachemanager 7001/udp
> ptserver 7002/udp
> vlserver 7003/udp
> kaserver 7004/udp (not needed with Kerberos v5)
> volserver 7005/udp
> reserved 7006/udp (for future use)
> bosserver 7007/udp
> Which of these ports need to be open inbound for off-site clients to work
7000 and 7005 on file servers, 7002 and 7003 on VLDB servers. 7007 only
if you want to allow bos access from off-site.
> Would it hurt anything to block port 7001 inbound on a fileserver or DB
> server running an AFS client?
No. You only need port 7001 open to AFS file servers that you want to
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>