> On 6/21/06, Clint Pachl <[EMAIL PROTECTED]> wrote:
> > Because portmap(8) dynamically assigns the mountd(8) port, how would
> > one write a pass rule in pf for mountd(8) traffic? My problem is that
> > every time mountd(8) is re/started, it operates on a different port and
> > my fixed pf rules block the mount protocol and, consequently, my
> > clients cannot mount an NFS share.
> >
> > I read through RFC1094 "NFS: Network File System Protocol
> > Specification" and RFC1057 "RPC: Remote Procedure Call Protocol
> > Specification" looking for ways to statically bind the mount protocol
> > to a port number. It doesn't look possible.
> 
> http://www.freebsd.org/cgi/man.cgi?query=mountd
> 
> It's definitely possible (Free and Net both offer the -p option).

I think that is completely ridiculous.  Hardcoding RPC utilities
to non-random ports .... to try to tie it to something else, to increase
your security.

Come on.  By the time you have to do that, please just compile your own
version of mountd with a diff.
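
An added example, not part of the original thread: instead of pinning mountd(8) to a fixed port, the pass rules for the problem in the quoted question can be regenerated from whatever port portmap(8) currently reports. The `<nfs_clients>` table, the `nfs` anchor name and the sample `rpcinfo -p` listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: build pf pass rules from the port that portmap(8)
# currently reports for mountd(8), instead of hardcoding the port.

MOUNTD_PROG=100005   # RPC program number of the mount protocol

# mountd_rules CLIENTS
# Reads `rpcinfo -p` output on stdin and prints one pf rule for each
# distinct (proto, port) pair registered for mountd. CLIENTS is the pf
# source expression allowed to reach it.
mountd_rules() {
    awk -v prog="$MOUNTD_PROG" -v clients="$1" '
        $1 == prog && ($3 == "tcp" || $3 == "udp") &&
        $4 ~ /^[0-9]+$/ && $4 + 0 > 0 && $4 + 0 < 65536 {
            key = $3 " " $4
            if (!(key in seen)) {      # v1 and v3 share one port
                seen[key] = 1
                printf "pass in proto %s from %s to any port %s\n", $3, clients, $4
            }
        }'
}

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    901  mountd
    100005    3   udp    901  mountd
    100005    1   tcp    758  mountd
    100005    3   tcp    758  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
EOF
}

# Demo on the sample data. On a live server the equivalent would be
# (assumes pf.conf contains: anchor "nfs"):
#   rpcinfo -p | mountd_rules '<nfs_clients>' | pfctl -a nfs -f -
sample_rpcinfo | mountd_rules '<nfs_clients>'
```

The generated rules are only valid until mountd(8) is restarted, so the anchor has to be reloaded as part of every restart.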
