On Mon, 9 Oct 2006 05:01:15 -0700, "Andy Ruhl" <acruhl@gmail.com> wrote:

> I just used pf to block everything I didn't want one of my interfaces to see.
> 
> Sorry for being dense, but why does this cause a problem with the
> portmapper in your setup? I don't seem to have any problems, but I
> don't have a large number of NFS clients either...
> 
There are no guarantees about what port numbers are assigned.  Today, on
one particular reboot, it used the ports I mentioned.  A code change or a
boot order change could change that, which would silently leave the
services exposed.


		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb