Date: Fri, 15 Jun 2007 14:59:50 +0400
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: Jeremie Le Hen <jeremie@le-hen.org>
Cc: freebsd-net@FreeBSD.org
Subject: Re: Firewalling NFS
Message-ID: <20070615105950.GH3779@void.codelabs.ru>
In-Reply-To: <20070615072734.GC8093@obiwan.tataz.chchile.org>
References: <20070615072734.GC8093@obiwan.tataz.chchile.org>

Jeremie, good day.
Fri, Jun 15, 2007 at 09:27:35AM +0200, Jeremie Le Hen wrote:
> It appears nearly impossible to firewall an NFS server on FreeBSD.
> The reason is that NFS-related daemons use RPC, which means they
> don't bind to a deterministic port. Only mountd(8) can be requested to
> bind to a specific port or fail with the -p command-line switch.
> Is there any reason other than "no one has needed this yet" why this
> option is not available for nfsd(8), rpc.lockd(8) and rpc.statd(8)?
NFSD binds to the port nfsd (2049) and for my -CURRENT both lockd
and statd have '-p' options:
-----
$ man rpc.lockd rpc.statd | grep -- -p
rpc.lockd [-d debug_level] [-g grace period] [-p port]
-p The -p option allow to force the daemon to bind to the specified
rpc.statd [-d] [-p port]
-p The -p option allow to force the daemon to bind to the specified
-----
Are we talking about the same entities?
--
Eygene
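
An added example, not part of the original message: once mountd, rpc.lockd and rpc.statd are started with `-p`, static firewall rules only hold if every daemon really registered on its pinned port, which `rpcinfo -p` output can confirm. The function name `audit_rpc_ports` is hypothetical, and the mountd/lockd/statd port numbers and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Audit `rpcinfo -p` output: each NFS-related RPC service must be registered
# on the port it was pinned to, or static firewall rules will not match.

# Expected ports. 111 (rpcbind) and 2049 (nfsd) are the standard ports; the
# mountd/status/nlockmgr values are constructed for this example and stand
# for whatever was passed to each daemon's -p option.
EXPECTED="portmapper=111 rpcbind=111 nfs=2049 mountd=4046 status=4047 nlockmgr=4045"

# Reads `rpcinfo -p` text on stdin, prints one line per mismatch and
# returns non-zero if any known service sits on an unexpected port.
audit_rpc_ports() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                want[kv[1]] = kv[2]
            }
        }
        # Data rows look like: program vers proto port service
        $1 ~ /^[0-9]+$/ && NF >= 5 {
            proto = $3; port = $4; svc = $5
            if ((svc in want) && want[svc] != port) {
                printf "DRIFT %s/%s on %s, expected %s\n", svc, proto, port, want[svc]
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: statd (service "status") was started without -p and
# registered on a dynamic port, so a rule written for 4047 would miss it.
SAMPLE_DRIFT='   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100003    3   tcp   2049  nfs
    100005    3   tcp   4046  mountd
    100021    4   tcp   4045  nlockmgr
    100024    1   udp    989  status'

# Demo on the constructed sample; on a live server use: rpcinfo -p | audit_rpc_ports
printf '%s\n' "$SAMPLE_DRIFT" | audit_rpc_ports || true
```
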
