[OpenAFS] Which inbound ports need to be open for AFS servers?

[Jason Edgecombe]

Hi all,

In light of the recent security announcement, I would like to review the 
open firewall ports on my AFS servers.

For quick reference, here are the ports from the afsd man page:

          fileserver      7000/udp
          cachemanager    7001/udp
          ptserver        7002/udp
          vlserver        7003/udp
          kaserver        7004/udp (not needed with Kerberos v5)
          volserver       7005/udp
          reserved        7006/udp (for future use)
          bosserver       7007/udp

Which of these ports need to be open inbound for off-site clients to 
work properly?

Would it hurt anything to block port 7001 inbound on a fileserver or DB 
server running an AFS client?

Thanks,
Jason