Quote:
Originally Posted by jggimi
I suppose that an admin could script dynamic PF configuration changes with rpcinfo(8) and PF's anchor facility, but I'm not aware of anyone who has bothered.
|
Unfortunately the age of NFS shows. It has never been designed to work well with the firewalls. In my experience most people don't run firewalls on NFS server/clients and automatic assumption is that server and clients are on the same subnet. I am not one of those people. I run firewall on all NFS both clients and servers and I have even NFS exported throught VPN which is filtered. Forcing NFS to use specific ports is the best thing in my experience but depending on the host OS you can hit many bugs when you try to force such behavior.