Restricting NFS Share Visibility

How do we restrict visibility on NFS shares to specific IP addresses?

Our NFS shares are visible to any machine even though we specified specific authorized hosts. Currently, any host can see the shares.

When you say they can see them, do you mean they can see the share exists and access the content or that they can see that the share exists but are unable to access the share?

They can see that the NFS share exists but are unable to access the share.
We would like the NFS share to only be viewable by specific client machines.
Is there a firewall to limit access to ports based on client IP address?

You could look at configuring that if your switch supports that, but that is not a feature of TrueNAS.

Thanks for your suggestion.

We’re trying to make sure to implement Zero Trust on the TrueNAS device without having to depend upon the correct configuration of an upstream device. In our case we want to ensure that no device on the subnet except those specified can see a share or service. This also prevents a bad actor, who may have plugged a device into our subnet, from gleaning any information about resources like shares.

I assume you have chosen to run NFSv4 rather than 3?

We were forced to use v3 in the past due to a client software compatibility issue. The client software has been upgraded, so retesting with v4 will be happening soon.
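For reference, here is what the host-firewall layer suggested earlier in the thread looks like next to the exports host list. This is an added example, not part of the thread and not a TrueNAS feature (the reply above says as much); it assumes a Linux NFS server with nftables, mountd pinned to a fixed port (20048 here, set via `rpc.mountd -p` or nfs.conf), and the constructed client addresses 192.0.2.10 and 192.0.2.11 with the constructed export path /mnt/tank/share. The exports host list decides who may mount the share; the firewall decides who can reach rpcbind (111) and mountd at all, which is what `showmount -e` talks to under NFSv3 to list exports, so it is the firewall and not the exports line that hides the share from other hosts on the subnet. NFSv4 does not use the MOUNT protocol and needs only TCP 2049, which bears on the v3/v4 question at the end of the thread.

```shell
#!/bin/sh
# Added example (not TrueNAS's own configuration): two layers for one NFS export.
#  1. /etc/exports host list   -> controls who may MOUNT the share
#  2. host firewall (nftables) -> controls who can even SEE it, because
#     `showmount -e` queries rpcbind (111) and mountd regardless of the
#     exports host list.
# Assumptions (not from the thread): Linux NFS server with nftables, mountd
# pinned to a fixed port, and the constructed addresses/paths below.

NFS_CLIENTS="192.0.2.10 192.0.2.11"   # constructed sample authorized clients
MOUNTD_PORT=20048                      # assumption: mountd pinned to this port
EXPORT_PATH="/mnt/tank/share"          # constructed sample export path

# Layer 1: exports line listing only the authorized clients (no '*' wildcard).
# Usage: exports_line PATH CLIENT...
exports_line() {
    path=$1; shift
    line=$path
    for c in "$@"; do
        line="$line $c(rw,sync,no_subtree_check)"
    done
    printf '%s\n' "$line"
}

# Layer 2: nftables ruleset that lets only the authorized clients reach
# rpcbind, mountd and nfsd. Traffic to those ports from any other source,
# including IPv6 sources (which never match 'ip saddr'), hits the drop rules.
# Usage: nfs_ruleset CLIENT...
nfs_ruleset() {
    elems=$(printf '%s, ' "$@"); elems=${elems%, }
    cat <<EOF
table inet nfs {
    set nfs_clients {
        type ipv4_addr
        elements = { $elems }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        # 111 (rpcbind) and mountd are only needed for NFSv3 (MOUNT protocol,
        # showmount). With NFSv4 only TCP 2049 is required.
        tcp dport { 111, $MOUNTD_PORT, 2049 } ip saddr @nfs_clients accept
        udp dport { 111, $MOUNTD_PORT, 2049 } ip saddr @nfs_clients accept
        tcp dport { 111, $MOUNTD_PORT, 2049 } drop
        udp dport { 111, $MOUNTD_PORT, 2049 } drop
    }
}
EOF
}

# Generate both fragments for review; load the ruleset with: nft -f nfs.nft
# exports_line "$EXPORT_PATH" $NFS_CLIENTS > exports.fragment
# nfs_ruleset $NFS_CLIENTS                  > nfs.nft
```

Two caveats a practitioner would check: NFSv3 also runs lockd and statd on dynamic ports unless those are pinned too, so they need the same treatment (or use NFSv4, which multiplexes everything over 2049); and the chain uses `policy accept` so it only touches NFS ports, whereas a default-deny input policy would be the usual choice on a host that is meant to expose nothing else.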