On 2007-11-22 15:12:22 +0100, Karsten Bräckelmann wrote:
[ adding the list back to Cc ]
On Thu, 2007-11-22 at 14:28 +0100, Marcus Rueckert wrote:
On 2007-11-22 13:31:59 +0100, Karsten Bräckelmann wrote:
And impossible for SuSE out-of-the-box, given their braindead [1] init scripts.
what is so braindead about it?
See these posts, the second one in particular. Also, my original Shorewall rules and documentation might be interesting. http://www.mail-archive.com/shorewall-users@lists.sourceforge.net/msg03986.h... http://www.mail-archive.com/shorewall-users@lists.sourceforge.net/msg03985.h...
Please note that the initial reason for the above pinning down NFS ports is firewall-friendly behavior and sane rules. With NFS, most involved services use random ports by default, particularly statd, lockd, mountd, rquotad. Which leads to somewhat unsatisfying rules as shown in [1].
The init script shipped by SuSE offers no way whatsoever to pass rpc.statd options, even though it does for rpc.mountd -- and thus no way to pin down the port out-of-the-box short of hacking the init script.
Marcus, please feel free to keep me posted on this issue and a fix. I'll happily forward updates to the Shorewall lists.
which is not that correct. all nfs related init scripts are marked config. hence all change you do to the init scripts will be preserved on upgrades, as long we dont change the init script. if the init script got changed it will copy your file to foo.rpmsave and put the new file in place. you can later merge your changes into the new file. anyway
there are many sysconfig variables for nfs already. if you see the need for more the best thing would be to open a bug.[1]
hope this helps
darix-- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org