Restricting NFS daemons

Chuck Swiger cswiger at
Tue Jan 25 13:01:56 PST 2005

cpghost wrote:
> how can one configure NFS daemons (esp. mountd and rpcbind) so that they 
> listen only on one IP address (e.g. on

While some of the daemons are growing flags to bind only to specified 
addresses, it turns out to be unwise to depend on that capability alone to 
protect a fileserver.  If you want to do NFS securely, you need to protect the 
network by using a firewall which prevents source-routing and address spoofing 
of internal hosts.


More information about the freebsd-questions mailing list