I just got a CERT advisory about NFS that talks about some fairly obvious (once thought of) dangers of NFS. It advises: > A. Filter packets at your firewall/router. > B. Use a portmapper that disallows proxy access. > C. Check the configuration of the /etc/exports files on your hosts. > In particular: > 1. Do *not* self-reference an NFS server in its own exports file. > 2. Do not allow the exports file to contain a "localhost" entry. Anyone know why these are recommended? As far as I can see, if your portmapper doesn't do proxy calls and/or you firewall out port 111, and you don't care about local attacks, neither C.1 nor C.2 will buy you anything further. Am I missing something, or are these bits of advice simply there for people who don't do A and B? der Mouse mouse@collatz.mcrcim.mcgill.edu