Iptables for NFS Servers, random ports?

This may seem like a silly question, but how do you iptable firewall an NFS Server tightly? I tend to use Samba much more heavily which is easy, the ports are clearly defined... but on NFS it is relying on portmapper (yuck)... so the ports may change... Is it possible to fix the NFS Server ports, and if so, do you still have to keep portmapper open? (I guess so) Or is there some clever iptables rule or module that will allow NFS to work without opening lots of high port numbers?

EDIT: OK solved it, fixing the ports is definitely the way to go...

It is possible. The key is to lock down the port numbers for mountd, lockd and statd.

Lots of information available on the Internet. Do a web search for "NFS iptables".

Yes, I solved it and added an EDIT after posting to explain, but the formatting has come out wrong so you must have missed the edit at the bottom of the original post...
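An added example, not posted by anyone in the thread: once mountd, lockd and statd are pinned as the answer above suggests, this script checks `rpcinfo -p` output against the pinned ports and only then prints the matching iptables rules. The port numbers, the client subnet and the sample `rpcinfo -p` output are constructed placeholders.

```shell
# Added example. Ports and subnet are constructed; set the same ports on the daemons
# (rpc.mountd -p, rpc.statd -p, lockd module options nlm_tcpport / nlm_udpport).
MOUNTD_PORT=32767 STATD_PORT=32765 LOCKD_PORT=32768
CLIENTS=192.0.2.0/24

# Constructed sample of `rpcinfo -p` output from a server with pinned ports.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100003    3   tcp   2049  nfs
    100021    4   udp  32768  nlockmgr
    100021    4   tcp  32768  nlockmgr
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
EOF
}

# Read `rpcinfo -p` on stdin; report services that are missing or not on
# their pinned port. Exit status is non-zero if anything is off.
check_ports() {
  awk -v m="$MOUNTD_PORT" -v s="$STATD_PORT" -v l="$LOCKD_PORT" '
    BEGIN { want["portmapper"] = 111; want["nfs"] = 2049
            want["mountd"] = m; want["status"] = s; want["nlockmgr"] = l }
    $1 ~ /^[0-9]+$/ && ($5 in want) {
      seen[$5] = 1
      if ($4 + 0 != want[$5] + 0) {
        printf "MISMATCH %s/%s on port %s, expected %s\n", $5, $3, $4, want[$5]
        bad = 1
      }
    }
    END { for (svc in want) if (!(svc in seen)) { print "MISSING " svc; bad = 1 }
          exit bad + 0 }'
}

# Print (not apply) one ACCEPT rule per port and protocol for the client subnet.
# Port 111 stays open because NFSv3 clients ask the portmapper where mountd is.
emit_rules() {
  for port in 111 2049 "$MOUNTD_PORT" "$STATD_PORT" "$LOCKD_PORT"; do
    for proto in tcp udp; do
      echo "iptables -A INPUT -s $CLIENTS -p $proto --dport $port -j ACCEPT"
    done
  done
}

# On a real server use: rpcinfo -p | check_ports
if sample_rpcinfo | check_ports; then emit_rules; fi
```

The rules are printed rather than applied so they can be reviewed first; a service that has drifted back to a random port shows up as a `MISMATCH` line instead of a silent firewall drop.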