Date: Tue, 25 Jan 2005 16:01:30 -0500 From: Chuck Swiger <cswiger@mac.com> To: cpghost <cpghost@cordula.ws> Cc: freebsd-questions@freebsd.org Subject: Re: Restricting NFS daemons Message-ID: <41F6B3AA.8060608@mac.com> In-Reply-To: <41F640BA.2040707@cordula.ws> References: <41F640BA.2040707@cordula.ws>
next in thread | previous in thread | raw e-mail | index | archive | help
cpghost wrote: > how can one configure NFS daemons (esp. mountd and rpcbind) so that they > listen only on one IP address (e.g. on 192.168.1.1)? While some of the daemons are growing flags to bind only to specified addresses, it turns out to be unwise to depend on that capability alone to protect a fileserver. If you want to do NFS securely, you need to protect the network by using a firewall which prevents source-routing and address spoofing of internal hosts. -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41F6B3AA.8060608>