The RPC Portmapper service (rpcbind) tells RPC clients on which port a given RPC program is listening; NFS and other file server applications depend on it. It listens on port 111, over UDP as well as TCP. When it is reachable from the internet, the UDP side can be abused as a 'reflector' / 'amplifier': an attacker sends small requests with a spoofed source address and the much larger replies are delivered to the victim, contributing to a (D)DoS attack. Therefore, it is important that you disable this service or make it unreachable from outside.
How to make the portmapper service unreachable is described below for the most used firewalls:
Disabling the service
Disabling the portmapper service altogether is the most secure measure you can take, but only do this if nothing on the server depends on it: NFS and other RPC-based services stop working without it. How you disable the service differs per OS, but on systemd-based distributions you can usually disable it with the following commands. Stop the socket first: as long as rpcbind.socket is still active, the next incoming connection would simply start the service again.
systemctl stop rpcbind.socket
systemctl stop rpcbind
systemctl disable rpcbind.socket
systemctl disable rpcbind
Firewalld (CentOS 7, DirectAdmin, Plesk, cPanel)
In Firewalld you close port 111 (used by portmapper) by removing it from the open ports of the zone. Note that this only undoes an explicit opening of the port: check with 'firewall-cmd --list-all' whether 111/udp is listed under ports or rpcbind is listed as the predefined 'rpc-bind' service, and remove whichever one is present:
firewall-cmd --permanent --zone=public --remove-port=111/udp
You will then see "success" as feedback on the command line. Because this changes the permanent configuration, you then reload the firewall (firewall-cmd --reload) for the new rule to take effect. The same command with 111/tcp closes the TCP side, which cannot be used for amplification but still lets outsiders enumerate your RPC services.
Please note! It is possible that you use a different firewall, in which case these commands do not work. This is the case, for example, when you use Plesk (there you can close the ports via Tools & Settings > Firewall) or an application such as ConfigServer Security & Firewall (CSF). You may also have installed and enabled iptables on CentOS 7 instead of firewalld. Check this first before you execute these commands.
IPtables (CentOS 6 and Ubuntu)
If you use iptables, you can close the relevant port with the following command. It uses -I (insert at the top of the INPUT chain) rather than -A (append), because an earlier rule that accepts all traffic would otherwise be matched first and the DROP rule would never be reached:
iptables -I INPUT -p udp --dport 111 -j DROP
The rule is active immediately; no reload is needed. It is, however, lost at reboot unless you save it. On CentOS 6 you do that as follows (the restart makes the service re-read the saved file, which also confirms that the saved rules load cleanly):
iptables-save | sudo tee /etc/sysconfig/iptables
service iptables restart
Please note! If you use Debian or Ubuntu, iptables does not run as a service by default, so there is no /etc/sysconfig/iptables to restore from (see also the following article). In that case you can install the package 'iptables-persistent' ("apt-get install iptables-persistent"), which saves the current rules and restores them at boot.
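The Firewalld and iptables sections above each cover one backend and one protocol. The script below, added here as an example and not part of the original article, closes port 111 for UDP and TCP on whichever of the two backends the host uses, inserts the iptables rules at the top of the chain, and persists them. The backend names, the DRY_RUN variable, the use of firewalld's predefined 'rpc-bind' service and of 'service iptables save' / 'netfilter-persistent save' for persistence are this script's own assumptions about the host; check them against your system before running it with 'apply'.

```shell
#!/bin/sh
# Added example (not from the article): close port 111 (UDP and TCP) with
# whichever Linux firewall front end the host uses.
# Usage:  sh block-portmapper.sh apply        (DRY_RUN=1 to only print commands)

PORT=111

# Print the commands for one backend, one per line, without running them.
# TCP is closed as well: UDP is the amplification vector, but TCP 111 still
# lets anyone on the internet enumerate the RPC programs registered here.
block_cmds() {
  case $1 in
    firewalld)
      # --remove-port only undoes an explicit open; rpcbind is often opened
      # through firewalld's predefined "rpc-bind" service instead, so remove
      # both, then reload so the permanent configuration becomes active.
      printf '%s\n' \
        "firewall-cmd --permanent --zone=public --remove-port=$PORT/udp" \
        "firewall-cmd --permanent --zone=public --remove-port=$PORT/tcp" \
        "firewall-cmd --permanent --zone=public --remove-service=rpc-bind" \
        "firewall-cmd --reload"
      ;;
    iptables)
      # -I puts the DROP at the top of INPUT; with -A an earlier blanket
      # ACCEPT rule would match first and the DROP would never be reached.
      printf '%s\n' \
        "iptables -I INPUT -p udp --dport $PORT -j DROP" \
        "iptables -I INPUT -p tcp --dport $PORT -j DROP"
      ;;
    *)
      echo "unsupported backend: $1" >&2
      return 1
      ;;
  esac
}

# Commands that make iptables rules survive a reboot on the two layouts the
# article mentions (CentOS 6 init script, Debian/Ubuntu iptables-persistent).
persist_cmds() {
  if [ -x /etc/init.d/iptables ]; then
    echo "service iptables save"
  elif command -v netfilter-persistent >/dev/null 2>&1; then
    echo "netfilter-persistent save"
  fi
}

# firewalld when its daemon answers, otherwise plain iptables.
detect_backend() {
  if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    echo firewalld
  elif command -v iptables >/dev/null 2>&1; then
    echo iptables
  else
    return 1
  fi
}

# Execute (or, with DRY_RUN=1, just print) the commands read from stdin.
run_cmds() {
  while IFS= read -r cmd; do
    if [ "${DRY_RUN:-0}" = 1 ]; then
      echo "$cmd"
    else
      $cmd
    fi
  done
}

main() {
  backend=$(detect_backend) || { echo "no supported firewall found" >&2; return 1; }
  block_cmds "$backend" | run_cmds
  [ "$backend" = iptables ] && persist_cmds | run_cmds
  return 0
}

# Only act when explicitly asked, so the file can be sourced for its functions.
if [ "${1:-}" = apply ]; then
  main
fi
```

Run it once with DRY_RUN=1 to see exactly which commands it would execute on your host; the firewalld branch prints a NOT_ENABLED warning for a port or service that was never opened, which is harmless.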
Windows Server Firewall
The steps below are relevant for blocking the portmapper port in Windows Server 2008, 2012, 2016 & 2019.
Click the start button and use the search term 'Firewall'. Alternatively, you can also find the firewall in the Server Manager under 'Tools'.
Among the search results, 'Windows Firewall with Advanced Security' will appear. Click it.
Navigate to 'Inbound Rules', right click 'Inbound Rules' and choose 'New Rule'.
Select: 'Port' and click 'Next'.
Select 'UDP' and enter '111' under 'Specific local ports'. Then click 'Next'.
Select 'Block the connection' and click 'Next'. On the next page, click 'Next' again.
Then, give your new rule a name and optionally a description.
If you still want to make the service available to specific machines, open the properties of the new rule and restrict its scope (the 'Scope' tab, remote IP addresses) so that the block applies only to the addresses or ranges that should not reach the service.
Testing the portmapper service
If your client computer has a terminal (macOS, BSD or Linux), you can use 'rpcinfo' to check whether the portmapper service is still reachable. Run the check from a machine outside your own network, otherwise you only test the local side. If the port is blocked, the command times out with an error; a list of registered programs means the service is still exposed:
rpcinfo -p [IP ADDRESS] -T udp
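The following script, added here as an example and not part of the original article, wraps the rpcinfo check above and interprets its answer: it reports whether the host still exposes the portmapper itself over UDP (the amplification condition) and lists what other RPC programs an outsider can learn about. The function names and the sample dump are this script's own constructions; the sample mimics the output format of rpcbind's rpcinfo.

```shell
#!/bin/sh
# Added example (not from the article): interpret `rpcinfo -p` output.
# Usage:  sh check-portmapper.sh <host>     (no argument: show the sample)

# Constructed `rpcinfo -p` dump of a host that still exposes portmapper over
# UDP and advertises NFS and mountd (same column layout as real rpcinfo).
SAMPLE_DUMP='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   udp   2049  nfs
    100005    3   udp  20048  mountd'

# From a dump on stdin, print one line per program reachable over UDP:
# "<program> <version> <port> <service>". The header line (NR == 1) is skipped.
udp_registrations() {
  awk 'NR > 1 && $3 == "udp" { print $1, $2, $4, $5 }'
}

# Exit 0 when the dump shows the portmapper itself (program 100000) on UDP,
# which is exactly the condition that makes the host usable as an amplifier.
portmapper_on_udp() {
  awk 'BEGIN { found = 1 } $1 == "100000" && $3 == "udp" { found = 0 } END { exit found }'
}

# Query a real host. Returns 0 (and lists registrations) if it is still
# exposed, 1 if rpcinfo got no answer, which is what a DROP rule produces
# (after the UDP timeout) and what you want to see after applying the fix.
check_host() {
  host=$1
  if ! dump=$(rpcinfo -p "$host" -T udp 2>/dev/null); then
    echo "$host: no portmapper answer (expected once port 111 is closed)"
    return 1
  fi
  if printf '%s\n' "$dump" | portmapper_on_udp; then
    echo "$host: portmapper still reachable over UDP; registered programs:"
    printf '%s\n' "$dump" | udp_registrations
    return 0
  fi
  echo "$host: answered, but no UDP portmapper registration found"
  return 1
}

if [ -n "${1:-}" ]; then
  check_host "$1"
else
  printf '%s\n' "$SAMPLE_DUMP" | udp_registrations
fi
```

The exit status of check_host makes the script usable from a cron job or monitoring check: 0 means the host is still exposed and needs attention, 1 means the portmapper did not answer.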
Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the ‘ContactUs’ button at the bottom of this page.
If you want to discuss this article with other users, please leave a message under 'Comments'.