* Volker Kuhlmann wrote on Wed, Feb 19, 2003 at 10:35 +1300:
Is there any alternative to this?
NFS is a pain. In theory, you need a packet filter which listens in on the portmapper exchange and on the fly opens and closes the UDP ports actually being used.
Yes, it is... Closing ports on the fly? This results in blocking unused ports, if I understood correctly. I don't think that this is so horrible to have unused ports open. Firewalling access except a few, trusted IPs is not that bad at all, and on the NFS server and/or the client you could roll out some additional local rules, but UDP packet source addresses are easy to spoof (or "set", "spoof" sounds so complicated :)).

Some RPC services can be configured to listen on specified ports, maybe nfsd has this feature also?

oki,

Steffen

--
This letter was generated by machine and therefore bears neither signature nor seal.
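
Added example, not part of the original message: a Python sketch that reads `rpcinfo -p` output, lists the portmapper-assigned ports a static filter would have to keep track of, and emits iptables rules limiting the NFS-related ports to trusted IPs. The sample output, the addresses and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample of `rpcinfo -p` output (not taken from the thread).
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   udp   2049  nfs
    100005    3   udp  32771  mountd
    100021    4   udp  32768  nlockmgr
    100024    1   udp  32769  status
"""

NFS_SERVICES = {"portmapper", "nfs", "mountd", "nlockmgr", "status"}
WELL_KNOWN = {111, 2049}  # portmapper and nfs; the rest are assigned at start-up


def parse_rpcinfo(text):
    """Return unique (proto, port, service) tuples for NFS-related RPC services."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # header, blank line, or entry without a service name
        _prog, _vers, proto, port, service = fields
        if service in NFS_SERVICES and proto in ("tcp", "udp"):
            found.add((proto, int(port), service))
    return sorted(found, key=lambda e: (e[1], e[0]))


def dynamic_ports(entries):
    """Ports handed out via the portmapper; static rules go stale if they change."""
    return sorted({port for _p, port, _s in entries if port not in WELL_KNOWN})


def build_rules(entries, trusted):
    """Emit iptables commands: accept trusted sources per port, drop the rest."""
    sources = [str(ipaddress.ip_address(ip)) for ip in trusted]  # rejects typos
    rules = []
    for proto, port, _service in entries:
        for src in sources:
            rules.append(f"iptables -A INPUT -p {proto} -s {src} --dport {port} -j ACCEPT")
        rules.append(f"iptables -A INPUT -p {proto} --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    entries = parse_rpcinfo(SAMPLE_RPCINFO)
    print("\n".join(build_rules(entries, ["192.0.2.10", "192.0.2.11"])))
```

As the message points out, source-address rules on UDP only filter traffic; they do not authenticate the sender.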