vfs.nfsrv.nfs_privport controls whether or not NFS enforces the
traditional RPC semantics that require that requests come from
"privileged" ports.  By default this check is disabled.  Hardening
guides typically suggest this be enabled, usually via the rc.conf knob
nfs_reserved_port_only=YES.

I'm trying to find a good reason why the default is the way it is.
Digging around in the source tree it appears that the rc.conf setting
has been that way since either /etc/rc.conf or /etc/defaults/rc.conf has
been in the tree.

I do not consider the fact that the security provided is weak at best to
be a good reason to disable it.  I suspect support for PC-NFS or
something like that may be the reason, but if that's the case it really
doesn't make any sense.

-- Brooks
