From owner-freebsd-questions@FreeBSD.ORG  Thu Jan 11 20:41:06 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 4B02116A412
	for <freebsd-questions@freebsd.org>;
	Thu, 11 Jan 2007 20:41:06 +0000 (UTC) (envelope-from cswiger@mac.com)
Received: from mail-out4.apple.com (mail-out4.apple.com [17.254.13.23])
	by mx1.freebsd.org (Postfix) with ESMTP id 33D4113C461
	for <freebsd-questions@freebsd.org>;
	Thu, 11 Jan 2007 20:41:06 +0000 (UTC) (envelope-from cswiger@mac.com)
Received: from relay7.apple.com (a17-128-113-37.apple.com [17.128.113.37])
	by mail-out4.apple.com (8.13.8/8.13.8) with ESMTP id l0BJqBEh015947;
	Thu, 11 Jan 2007 11:52:11 -0800 (PST)
Received: from relay7.apple.com (unknown [127.0.0.1])
	by relay7.apple.com (Symantec Mail Security) with ESMTP id 61E513006A; 
	Thu, 11 Jan 2007 11:52:11 -0800 (PST)
X-AuditID: 11807125-a4252bb000006e4c-c5-45a6956ba0a0 
Received: from [17.214.13.96] (unknown [17.214.13.96])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by relay7.apple.com (Apple SCV relay) with ESMTP id 4F7D530065;
	Thu, 11 Jan 2007 11:52:11 -0800 (PST)
In-Reply-To: <45A688C0.2020506@u.washington.edu>
References: <45A688C0.2020506@u.washington.edu>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <B0288AAB-3220-43C5-AA0D-974F620D103B@mac.com>
Content-Transfer-Encoding: 7bit
From: Chuck Swiger <cswiger@mac.com>
Date: Thu, 11 Jan 2007 11:52:10 -0800
To: Garrett Cooper <youshi10@u.washington.edu>
X-Mailer: Apple Mail (2.752.2)
X-Brightmail-Tracker: AAAAAA==
Cc: freebsd-questions@freebsd.org
Subject: Re: Improvement to IPFilter / nfsd in FBSD (6.2+?)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jan 2007 20:41:06 -0000

On Jan 11, 2007, at 10:58 AM, Garrett Cooper wrote:
> Just wondering if anyone has IPFilter / nfsd setup properly on  
> their boxes with any beta versions of FBSD.

It is typically not useful to implement firewall rules between NFS  
servers and legitimate NFS clients.

The large number of RPC services using randomly assigned ports needed  
by NFS and the fact that machines which trust each other enough to  
permit filesharing and generally utilize a common set of directory  
services to keep the user/group mappings synced mean that the NFS  
server & clients should be considered in the same "trust domain" in  
most cases.

> Also if you suggest 7-CURRENT, what's the CVS tag for that version?

The HEAD of the CVS tree (aka ".").  Updating the 7-CURRENT won't  
have any affect upon firewall configuration for NFS, however.

-- 
-Chuck