From owner-freebsd-questions@freebsd.org Tue Aug 4 21:07:34 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9266F37F7A4 for ; Tue, 4 Aug 2020 21:07:34 +0000 (UTC) (envelope-from dr.klepp@gmx.at) Received: from vie01a-dmta-at50-2.mx.upcmail.net (vie01a-dmta-at50-2.mx.upcmail.net [62.179.121.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4BLnQF53q8z3cv1 for ; Tue, 4 Aug 2020 21:07:33 +0000 (UTC) (envelope-from dr.klepp@gmx.at) Received: from [172.31.216.41] (helo=vie01a-pemc-psmtp-at50) by vie01a-dmta-at50.mx.upcmail.net with esmtp (Exim 4.92) (envelope-from ) id 1k349h-0006ZT-D8 for freebsd-questions@freebsd.org; Tue, 04 Aug 2020 23:07:29 +0200 Received: from x61.lan ([85.126.97.210]) by vie01a-pemc-psmtp-at50 with SMTP @ mailcloud.upcmail.net id BZ7V2300E4YLlkt0BZ7VbB; Tue, 04 Aug 2020 23:07:29 +0200 X-SourceIP: 85.126.97.210 X-CNFS-Analysis: v=2.2 cv=O6RJhF1W c=1 sm=2 tr=0 cx=a_idp_f a=/Ac8Q0O/YFE5LOLfUiYZVw==:117 a=/Ac8Q0O/YFE5LOLfUiYZVw==:17 a=8nJEP1OIZ-IA:10 a=6I5d2MoRAAAA:8 a=eHL4P6T5Issbh7DMBnkA:9 a=wPNLvfGTeEIA:10 a=mL032U4Dr3kA:10 a=Cwvrka5r01MA:10 a=IjZwj45LgO3ly-622nXo:22 From: "Dr. Nikolaus Klepp" To: freebsd-questions@freebsd.org Subject: Re: How to secure NFS? Date: Tue, 4 Aug 2020 23:07:34 +0200 User-Agent: KMail/1.9.10 References: In-Reply-To: X-KMail-QuotePrefix: > MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <202008042307.34450.dr.klepp@gmx.at> X-Rspamd-Queue-Id: 4BLnQF53q8z3cv1 X-Spamd-Bar: ++++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=fail (mx1.freebsd.org: domain of dr.klepp@gmx.at does not designate 62.179.121.137 as permitted sender) smtp.mailfrom=dr.klepp@gmx.at X-Spamd-Result: default: False [6.17 / 15.00]; RCVD_TLS_LAST(0.00)[]; R_SPF_FAIL(1.00)[-all]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; FREEMAIL_FROM(0.00)[gmx.at]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[gmx.at]; NEURAL_SPAM_MEDIUM(1.02)[1.018]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[3]; NEURAL_SPAM_SHORT(0.60)[0.602]; NEURAL_SPAM_LONG(0.75)[0.746]; MID_CONTAINS_FROM(1.00)[]; FROM_NAME_HAS_TITLE(1.00)[dr]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6830, ipnet:62.179.0.0/17, country:AT]; SUBJECT_ENDS_QUESTION(1.00)[]; FREEMAIL_ENVFROM(0.00)[gmx.at]; RCVD_IN_DNSWL_LOW(-0.10)[62.179.121.137:from] X-Spam: Yes X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Aug 2020 21:07:34 -0000 Anno domini 2020 Tue, 4 Aug 22:43:08 +0200 Dhananjay Balan scripsit: > Hi, > > I am trying to run an NFS server following > https://www.freebsd.org/doc/handbook/network-nfs.html (on 12.1-RELEASE-p6). > > It doesn't touch at all about securing this server, is there any such > documentation? I use NFS over SSH. Nik > > Also my pf never sees any of these packets. I have block in all on the > file with explicit pass in rules and this just works :/ How is it > completely by-passing my firewall? > > Regards, > Dhananjay Balan > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > -- Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ...