Rodney Hopkins wrote:
I want to run an NFS server on OpenBSD with pf enabled
and configured to only allow the required inbound ports
needed to allow NFS mounts to work.
The thing is, the only way I've successfully been
able to do this is to exclude ports <1024 from being
blocked inbound by pf. This is due to the fact that
mountd changes the port(s) it is bound to on every
reboot or restart of mountd and it always seems to
bind to ports <1024.
Am I missing something here? Is there a better/more
restrictive way to do this? Can I force mountd to
bind to specific predictable port(s) so that I can
write pf rules to only open the ports needed to allow
inbound NFS request/mounts?
I've googled, checked the FAQs and searched the archives.
I haven't found anything regarding this.
I discussed this with the group mid last year. Search the archives for
"How to pass mount protocol traffic (mountd/NFS) using pf"
<http://archives.neohapsis.com/archives/openbsd/2006-06/1338.html>.
-pachl