If you are using a Sun as the server, get the libsecure
package from eecs.nwu.edu and Bill LeFebvre. It has the
capabilities of restricting who gets NFS service of any type.
The TCP wrapper package is not a total solution since, from my
understanding, the tcp wrapper only works when the service is
started, not once it is running. This leaves you with a hole
on processes that get started and then hang around. Things
like rpc.mountd, ypserv, tftpd, etc. This may have changed in
later releases of the wrappers since I don't have the
current version docs open and am working from memory which is
dealing with the older versions.

Good point. rpc.mountd can be started from inetd, but I don't know how
long it hangs around. I also don't know how TCP calls to it are
handled in that case; the inetd.conf file here only shows a UDP entry.
Re: NFS mounts
From: Scott McClung <mcclung @