From owner-freebsd-net@FreeBSD.ORG  Fri Jun 15 08:40:15 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 3F8DD16A41F
	for <freebsd-net@freebsd.org>; Fri, 15 Jun 2007 08:40:15 +0000 (UTC)
	(envelope-from eugen@www.svzserv.kemerovo.su)
Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su
	[213.184.65.80])
	by mx1.freebsd.org (Postfix) with ESMTP id 9B75113C46E
	for <freebsd-net@freebsd.org>; Fri, 15 Jun 2007 08:40:14 +0000 (UTC)
	(envelope-from eugen@www.svzserv.kemerovo.su)
Received: from www.svzserv.kemerovo.su (eugen@localhost [127.0.0.1])
	by www.svzserv.kemerovo.su (8.13.8/8.13.8) with ESMTP id l5F8PGB9096538;
	Fri, 15 Jun 2007 16:25:16 +0800 (KRAST)
	(envelope-from eugen@www.svzserv.kemerovo.su)
Received: (from eugen@localhost)
	by www.svzserv.kemerovo.su (8.13.8/8.13.8/Submit) id l5F8PGbv096537;
	Fri, 15 Jun 2007 16:25:16 +0800 (KRAST) (envelope-from eugen)
Date: Fri, 15 Jun 2007 16:25:16 +0800
From: Eugene Grosbein <eugen@grosbein.pp.ru>
To: Jeremie Le Hen <jeremie@le-hen.org>
Message-ID: <20070615082516.GA96373@svzserv.kemerovo.su>
References: <20070615072734.GC8093@obiwan.tataz.chchile.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20070615072734.GC8093@obiwan.tataz.chchile.org>
User-Agent: Mutt/1.4.2.1i
Cc: freebsd-net@freebsd.org
Subject: Re: Firewalling NFS
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jun 2007 08:40:15 -0000

On Fri, Jun 15, 2007 at 09:27:35AM +0200, Jeremie Le Hen wrote:
> Hi,
> 
> It appears nearly impossible to firewall a NFS server on FreeBSD.
> The reason is that NFS related daemons use RPC, which means they
> don't bind to a deterministic port.  Only mountd(8) can be requested to
> bind to a specific port or fail with the -p command-line switch.
> Is there any reason other than "no one has needed this yet" why this
> option is not available for nfsd(8), rpc.lockd(8) and rpc.statd(8)?

Why do you need such option for nfsd(8) in first place?

Eugene Grosbein