NFS support in iptables (or other firewall)

http://serverfault.com – How do I enable NFS mounts/shares with iptables with DROP policy? NFS uses dynamically assigned ports, thus it is difficult to use with firewalls. I have an NFS server and a few clients. I would like to accept traffic ONLY on ports that are required for NFS to work. I have configured the NFS server to use static ports (4000-4004). The problem, however, is that the clients still select a random port -- and because it is UDP I can only make it work if I accept all UDP traffic from the server. I found some documentation that describes setting a /sys variable that would limit the client to us (HowTos)