netbsd-users: Re: restricting NFS (and associated services) to one IP address

Subject: Re: restricting NFS (and associated services) to one IP address
To: None <netbsd-users@netbsd.org>
From: Michael van Elst <mlelstv@serpens.de>
List: netbsd-users
Date: 10/10/2006 05:45:38

acruhl@gmail.com ("Andy Ruhl") writes:

>If it were possible to bind NFS to an IP and not expose them to the
>internet (thereby implying a multi homed host), would your answer be
>the same?

Mine would be the same. There are several complex mechanisms to
inject IP packets to arbitrary destinations, your firewall or
packet filter add a protection layer in front of these.h

Binding to an non-public IP is a weak safetey measure.

-- 
-- 
                                Michael van Elst
Internet: mlelstv@serpens.de
                                "A potential Snark may lurk in every tree."