IPFILTER and NFS
Sandy Rutherford
sandy at krvarr.bc.ca
Mon Apr 11 23:19:35 PDT 2005
>>>>> On Sun, 03 Apr 2005 13:04:51 +0200,
>>>>> Erik Nørgaard <norgaard at locolomo.org> said:
> This limits the number of ports relevant to 59, 111 and 2049. You can't
> force lockd and statd to bind to specific ports (they are also RPC
> services) and AFAIK you can't have disk quotas work correctly because of
> this.
> AFAIK NFS4 should address these problems, but the NFS4 server is still
> experimental.
> Till then, RPC is a security nightmare.
Indeed it is. It's not as good as firewall protection; however,
tcp_wrappers can be used to beef up RPC security somewhat. See
/etc/hosts.allow.
Sandy