Locking down portmap on Debian

Most sensible people are very wary of NFS and its potential for security holes. If you can at all help it, it's a good idea not to run NFS and portmap on a network interface with direct internet connectivity. However, this isn't always convenient.

As I needed to have NFS sharing on a host exposed to the internet, I set about finding the various places I needed to firewall. The tools I typically use to verify I've done the right things are netstat -nap on the machine concerned, to check for listening processes, and nmap from remote hosts to sniff for open ports.