This may seem like a silly question, but how do you iptable firewall an NFS Server tightly? I tend to use Samba much more heavily which is easy, the ports are clearly defined... but on NFS it is relying on portmapper (yuck).... so the ports may change...

Is it possible to fix the NFS Server ports, and if so, do you still have to keep portmapper open? (I guess so)

Or is there some clever iptables rule or module that will allow NFS to work without opening lots of high port numbers..?


EDIT: OK solved it, fixing the ports is definitely the way to go...