Subject: Re: restricting NFS (and associated services) to one IP address
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Andy Ruhl <acruhl@gmail.com>
List: netbsd-users
Date: 10/09/2006 06:40:52
On 10/9/06, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
> On Mon, 9 Oct 2006 05:01:15 -0700, "Andy Ruhl" <acruhl@gmail.com> wrote:
>
> > I just used pf to block everything I didn't want one of my interfaces to see.
> >
> > Sorry for being dense, but why does this cause a problem with the
> > portmapper in your setup? I don't seem to have any problems, but I
> > don't have a large number of NFS clients either...
> >
> There are no guarantees about what port numbers are assigned.  Today, on
> one particular reboot, it used the ports I mentioned.  A code change or a
> boot order change could change that, which would silently leave the
> services exposed.

Ahh, I was assuming a "block all except" type setup on the interface
you don't want to have NFS listening on. If you can't do that, then
filtering isn't going to work on the portmapper. Thanks.

Andy
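The "block all except" setup Andy describes, written out as a pf.conf fragment. This is an added example, not configuration posted by either participant; the interface name and addresses are constructed placeholders.

```pf
# Added example: default-deny pf ruleset for the interface that should
# not expose NFS. Interface and addresses below are assumptions.
ext_if     = "fxp0"          # assumption: interface to lock down
nfs_server = "192.0.2.1"     # assumption: this host's address on $ext_if
nfs_client = "192.0.2.10"    # assumption: the single client allowed in

set skip on lo0

# Drop everything inbound on $ext_if that is not explicitly passed below.
# This is what makes the portmapper's port assignments irrelevant: whichever
# ephemeral ports mountd, lockd or statd register on a given boot, they are
# blocked unless a pass rule names them.
block in log on $ext_if all

# Only the one client may reach the portmapper (111) and nfsd (2049).
# Daemons that register on dynamic ports are reachable only if they are
# pinned to a fixed port and that port is added to this list.
pass in quick on $ext_if proto { tcp, udp } \
    from $nfs_client to $nfs_server port { 111, 2049 } keep state

# Traffic originating from this host, and the replies to it, are allowed.
pass out on $ext_if keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; the `log` keyword on the block rule lets `tcpdump -n -e -ttt -i pflog0` show what the default deny is catching.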