We are running a SUSE11/OES11 cluster serving NSS volumes as NCP, NFS and AFP. Is the only feasible workaround for the NFS no_root_squash requirement to firewall the mountd port?

If so will having a list of 1,000+ IP numbers in the allow list for mountd have a significant impact on the cluster nodes? Unfortunately on our University class B IPv4 site the allocated IP addresses are scattered and the subset of PCs controlled by technicians (and therefore 'trusted') are not contiguous and neatly arranged.