Restricting NFS daemons
cswiger at mac.com
Tue Jan 25 13:01:56 PST 2005
> how can one configure NFS daemons (esp. mountd and rpcbind) so that they
> listen only on one IP address (e.g. on 192.168.1.1)?
While some of the daemons are growing flags to bind only to specified
addresses, it turns out to be unwise to depend on that capability alone to
protect a fileserver. If you want to do NFS securely, you need to protect the
network by using a firewall which prevents source-routing and address spoofing
of internal hosts.
More information about the freebsd-questions