Hello, I want to tie down NFS ports so I can put up a firewall. In particular, I'm looking at statd. I noticed from the man pages that statd can take a "-p" and a "-o" option for setting ports. The startup script /etc/rc.d/init.d/nfslock appears to be trying to take this into consideration. If I start NFS using the bare-bones startup scripts that came with FC1, I notice that when I do an rcpinfo -p I get something like: 100024 1 udp 32768 status 100024 1 tcp 32770 status If I make a file /etc/sysconfig/nfs (this is referenced in /etc/rc.d/init.d/nfslock but did not exist) and put the following lines in it: STATD_PORT=32765 STATD_OUTGOING_PORT=32766 then after restarting my machine rcpinfo -p gives: 100024 1 udp 32765 status 100024 1 tcp 32765 status It appears that if I attempt to specify ports, STATD_OUTGOING_PORT gets "ignored". I'm concentrating on statd here as an example, but my concerns all relate to the general question of "What is the best way to tie down NFS ports?" I've seen a lot of stuff on this such as defining ports in /etc/services, directly hard-coding ports in the startup scripts, and I've tried numerous combinations. So far, the only thing that seems to work with consistency for me is using /etc/modules.conf to tie down the lockd ports. Any ideas on this would be greatly appreciated. Regards, Stu.
