Date: Thu, 11 Jan 2007 11:52:10 -0800 From: Chuck Swiger <cswiger@mac.com> To: Garrett Cooper <youshi10@u.washington.edu> Cc: freebsd-questions@freebsd.org Subject: Re: Improvement to IPFilter / nfsd in FBSD (6.2+?) Message-ID: <B0288AAB-3220-43C5-AA0D-974F620D103B@mac.com> In-Reply-To: <45A688C0.2020506@u.washington.edu> References: <45A688C0.2020506@u.washington.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 11, 2007, at 10:58 AM, Garrett Cooper wrote: > Just wondering if anyone has IPFilter / nfsd setup properly on > their boxes with any beta versions of FBSD. It is typically not useful to implement firewall rules between NFS servers and legitimate NFS clients. The large number of RPC services using randomly assigned ports needed by NFS and the fact that machines which trust each other enough to permit filesharing and generally utilize a common set of directory services to keep the user/group mappings synced mean that the NFS server & clients should be considered in the same "trust domain" in most cases. > Also if you suggest 7-CURRENT, what's the CVS tag for that version? The HEAD of the CVS tree (aka "."). Updating the 7-CURRENT won't have any affect upon firewall configuration for NFS, however. -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B0288AAB-3220-43C5-AA0D-974F620D103B>