Well, it turns out that controlling the firewall behaviour with respect to NFS is not easy,
as perhaps lack of replies suggests. It is to do with, normally, port numbers beeing given
to some processes on first come - first serve basis. You would need to first fix the processes
to ports, before the firewall can be set to let them through. NOT easy, for me anyway.
There are some instructions here: http://www.linuxforum.com/linux-nfs/security.html