Firewalling NFS

[Alfred Perlstein]

* Jeremie Le Hen <jeremie at le-hen.org> [070615 01:07] wrote:
> Hi,
> 
> It appears nearly impossible to firewall a NFS server on FreeBSD.

I would be nearly impossible if one didn't know much about NFS.

Care to rephrase your assertion?

> The reason is that NFS related daemons use RPC, which means they
> don't bind to a deterministic port.  Only mountd(8) can be requested to
> bind to a specific port or fail with the -p command-line switch.
> Is there any reason other than "no one has needed this yet" why this
> option is not available for nfsd(8), rpc.lockd(8) and rpc.statd(8)?

this is wrong, wrong and more wrong.

-- 
- Alfred Perlstein