Let's say I have a home network of 3 computers, which share disks with NFS. What's the risk if all NFS-related ports are blocked on the firewall to the outside?
Assume some local configuration errors on your firewall and/or buggy system daemons which may be used to gain r00t on it, and a local network behind this faulty machine where anything goes NFSwise because of the assumption that, because the number of nodes in your LAN is very small, you trust your users more than you would if you'd run a net of 100+ nodes. So there we have all these NFS shares, lingering around w/o protection in the internal LAN, and a cracker who just entered your vulnerable firewall...
So presumably you ensure general NFS access is root_squashed and that any NFS mounts are explicitly noaccessed from the firewall. Is there anything else you could do to reduce the risk? Apart from not running any services on the firewall and setting it up right ;0).

JB

--
John Bland M.Phys (Hons) AMInstP
PhD Student & Sys Admin
Email: j.bland at cmp.liv.ac.uk
Condensed Matter Group
http://ringtail.cmp.liv.ac.uk/
Liverpool University
"Hey, I wonder how much meat you get on a womble?" -- Eddie
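An added example, not part of the original thread: a small audit of an exports file for the two measures discussed above (root squashing, and keeping the firewall host off every export). The sample file, the host name `gw.lan`, the address `192.168.1.1` and the finding labels are constructed; `noaccess` is taken from the thread, so check your server's exports(5) to see whether it is supported.

```python
import fnmatch
import ipaddress
import re

# Constructed sample exports file for a small LAN; names and addresses are made up.
SAMPLE_EXPORTS = """\
# path      client(options)
/home       192.168.1.0/24(rw,root_squash)
/srv/data   *.lan(rw,no_root_squash)
/scratch    (rw)
/backup     ws1.lan(ro) ws2.lan(ro)
"""

ENTRY = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")  # client spec, optional (options)

def client_matches(spec, host, ip):
    """True if a client spec (empty/'*', CIDR or bare IP, wildcard name) covers the host."""
    if spec in ("", "*"):
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    except ValueError:                      # not an address: treat as a host name pattern
        return fnmatch.fnmatch(host, spec)

def audit_exports(text, fw_host, fw_ip):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for entry in clients or [""]:        # no client listed means everyone
            m = ENTRY.fullmatch(entry)
            if not m:
                findings.append((path, entry, "unparsed"))
                continue
            spec, opts = m.group(1), set((m.group(2) or "").split(","))
            who = spec or "*"
            if "no_root_squash" in opts:     # remote root keeps uid 0 on the share
                findings.append((path, who, "no_root_squash"))
            if who == "*":                   # exported to any host
                findings.append((path, who, "world"))
            # Each entry is judged on its own: precedence between overlapping
            # entries is server-specific, so overlaps are left for manual review.
            if client_matches(spec, fw_host, fw_ip) and "noaccess" not in opts:
                findings.append((path, who, "firewall-can-mount"))
    return findings
```

Calling `audit_exports(SAMPLE_EXPORTS, "gw.lan", "192.168.1.1")` flags `/home`, `/srv/data` and `/scratch` as reachable from the firewall and leaves `/backup`, which names only the two workstations, clean.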