Date: Mon, 11 Apr 2005 23:19:15 -0700 From: Sandy Rutherford <sandy@krvarr.bc.ca> To: norgaard@locolomo.org Cc: freebsd-questions@freebsd.org Subject: Re: IPFILTER and NFS Message-ID: <16987.26723.321229.93726@szamoca.krvarr.bc.ca> In-Reply-To: <424FCDD3.6040507@locolomo.org> References: <424F8B94.7050006@atopia.net> <424FCDD3.6040507@locolomo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Sun, 03 Apr 2005 13:04:51 +0200,=20 >>>>> Erik N=F8rgaard <norgaard@locolomo.org> said: > This limits the number of ports relevant to 59, 111 and 2049. You ca= n't=20 > force lockd and statd to bind to specific ports (they are alos RPC=20= > services) and AFAIK you can't have disk quotas work correctly becaus= e of=20 > this. > AFAIK NFS4 should address these problems, but the NFS4 server is sti= ll=20 > experimental. > Till then, RPC is a security nightmare. Indeed it is. It's not as good as firewall protection; however, tcp_wrappers can be used to beef up RPC security somewhat. See /etc/hosts.allow. Sandy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16987.26723.321229.93726>