On Thu, 2007-11-22 at 16:38 +0100, Marcus Rueckert wrote:
On 2007-11-22 15:12:22 +0100, Karsten Bräckelmann wrote:
And impossible for SuSE out-of-the-box, given their braindead [1] init scripts.
what is so braindead about it?
See these posts, the second one in particular. Also, my original Shorewall rules and documentation might be interesting. http://www.mail-archive.com/shorewall-users@lists.sourceforge.net/msg03986.h... http://www.mail-archive.com/shorewall-users@lists.sourceforge.net/msg03985.h...
Please note that the initial reason for the above pinning down NFS ports is firewall-friendly behavior and sane rules. With NFS, most involved services use random ports by default, particularly statd, lockd, mountd, rquotad. Which leads to somewhat unsatisfying rules as shown in [1].
The init script shipped by SuSE offers no way whatsoever to pass rpc.statd options, even though it does for rpc.mountd -- and thus no way to pin down the port out-of-the-box short of hacking the init script.
which is not that correct. all nfs related init scripts are marked config. hence all change you do to the init scripts will be preserved on upgrades, as long we dont change the init script. if the init script got changed it will copy your file to foo.rpmsave and put the new file in place. you can later merge your changes into the new file. anyway
This is irrelevant. I did not claim the changes would be overwritten.
The point is not about this being impossible, but about confusing and inconsistent options.
Following your logic -- why the need for $MOUNTD_PORT in the first place? Or rather /etc/sysconfig/nfs altogether, since you always can edit the init script...
there are many sysconfig variables for nfs already. if you see the need for more the best thing would be to open a bug.[1]
Sorry, won't. I am not a SuSE user and not going to argue about this on bugzilla. Also, I'm not complaining either, merely pointing out the options.
hope this helps
Actually, it doesn't. :) There's still the need to edit the init script, even though there is an options file intended solely for the purpose of avoiding this and keeping your settings in a sane place.
guenther - who got his share of bugzilla accounts already
-- char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}