Neil Stockbridge wrote:
i'm shooting from the hip a bit here and i've not tried this out but isn't NFS managed by portmap? portmap has a "-i" option that binds portmap only to the specified address. is that option any good?
No. If the portmapper isn't contactable on 127.0.0.1, nfs doesn't start. If it is, it starts listening on all interfaces. NFS is protected by tcpwrappers, and while you can't stop it binding to all interfaces, you can configure it to reject all connections on a certain interface. Have a look at "man hosts.allow" and scroll down to "SERVER ENDPOINT PATTERNS" Either that or you could use iptables. Cheers, Rex
