Subject: Re: restricting NFS (and associated services) to one IP address
To: None <netbsd-users@NetBSD.org>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-users
Date: 10/09/2006 20:11:09
Steven M. Bellovin wrote:
> On Mon, 9 Oct 2006 19:43:48 +0200, Christian Biere <christianbiere@gmx.de>
> wrote:
> > What about VLAN or a virtual private LAN dedicated to NFS?

> Yes, that's precisely what I'm talking about -- but how do I make sure that
> the NFS-related services are only accessible from that [V]LAN?

I'd either patch or LD_PRELOAD it (to overwrite socket syscalls) to bind to the
given network (10.0.0.0/8 or whatever) only, if you don't need rpcbind(?) for
anything else. See init_transport() in rpcbind.c.

-- 
Christian
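
An added example, not part of the original message and not NetBSD's own code: an LD_PRELOAD shim of the kind suggested above, which rewrites wildcard IPv4 binds to one address and refuses wildcard IPv6 binds so that no listener stays open beside it. The environment variable `BIND_ONLY_ADDR` and the helper `pin_decide` are hypothetical names chosen for this example.

```c
#define _GNU_SOURCE                     /* RTLD_NEXT on glibc */
#include <arpa/inet.h>
#include <dlfcn.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Decide what to do with one bind() request (hypothetical helper).
 * Returns 0 = pass through unchanged, 1 = rewritten address is in *out,
 * -1 = refuse (wildcard IPv6, or `only` is not a valid IPv4 address).
 * `only` is the value of BIND_ONLY_ADDR, e.g. "10.0.0.1" (assumed name). */
int pin_decide(const struct sockaddr *sa, socklen_t len, const char *only,
               struct sockaddr_in *out)
{
    if (only == NULL || sa == NULL)
        return 0;                       /* shim not configured */
    if (sa->sa_family == AF_INET6 && len >= sizeof(struct sockaddr_in6)) {
        const struct sockaddr_in6 *s6 = (const struct sockaddr_in6 *)sa;
        return IN6_IS_ADDR_UNSPECIFIED(&s6->sin6_addr) ? -1 : 0;
    }
    if (sa->sa_family != AF_INET || len < sizeof(struct sockaddr_in))
        return 0;                       /* AF_LOCAL and others */
    memcpy(out, sa, sizeof(*out));      /* keeps the requested port */
    if (out->sin_addr.s_addr != htonl(INADDR_ANY))
        return 0;                       /* caller already chose an address */
    return inet_pton(AF_INET, only, &out->sin_addr) == 1 ? 1 : -1;
}

/* Interposed bind(): same signature as libc's, found first when preloaded. */
int bind(int fd, const struct sockaddr *sa, socklen_t len)
{
    static int (*real_bind)(int, const struct sockaddr *, socklen_t);
    struct sockaddr_in pinned;
    if (real_bind == NULL)
        real_bind = (int (*)(int, const struct sockaddr *, socklen_t))
            dlsym(RTLD_NEXT, "bind");
    /* Fail closed if the real bind() cannot be resolved. */
    switch (real_bind ? pin_decide(sa, len, getenv("BIND_ONLY_ADDR"), &pinned) : -1) {
    case 1:
        return real_bind(fd, (const struct sockaddr *)&pinned, sizeof(pinned));
    case -1:
        errno = EADDRNOTAVAIL;
        return -1;
    default:
        return real_bind(fd, sa, len);
    }
}
```

Build it with `cc -shared -fPIC` and set `LD_PRELOAD` for the rpcbind process only, then confirm with `netstat -an` that no wildcard listeners remain on the RPC ports. Calls to bind() made from inside libc itself may not pass through the shim, so that check is what shows whether the restriction holds.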