Great Circle Associates Firewalls
(February 1994)
 


Subject: Re: NFS mounts
From: smb @ research . att . com
Date: Thu, 03 Feb 94 18:06:50 EST
To: Gene Rackow <rackow @ mcs . anl . gov>
Cc: robert @ puente . jpl . nasa . gov (Robert Angelino), ark @ lance . tis . llnl . gov, Firewalls @ GreatCircle . COM

	 If you are using a Sun as the server, get the libsecure
	 package from eecs.nwu.edu and Bill LeFebvre.  It has the
	 capabilities of restricting who gets NFS service of any type.

	 The TCP wrapper package is not a total solution since, from my
	 understanding, the tcp wrapper only works when the service is
	 started, not once it is running.  This leaves you with a hole
	 on processes that get started and then hang around.  Things
	 like rpc.mountd, ypserv, tftpd, etc.  This may have changed in
	 later releases of the wrappers since I don't have the
	 current version docs open and am working from memory which is
	 dealing with the older versions.

Good point.  rpc.mountd can be started from inetd, but I don't know how
long it hangs around.  I also don't know how TCP calls to it are
handled in that case; the inetd.conf file here only shows a UDP entry.

