[Dovecot] OT: NFS ports (was: Re: dovecot loading during boot)

Thu Nov 22 19:46:51 EET 2007

On Thu, 2007-11-22 at 16:38 +0100, Marcus Rueckert wrote:
> On 2007-11-22 15:12:22 +0100, Karsten Bräckelmann wrote:

> > > > And impossible for SuSE out-of-the-box, given their
> > > > braindead [1] init scripts.
> > > 
> > > what is so braindead about it?
> > 
> > See these posts, the second one in particular. Also, my original
> > Shorewall rules and documentation might be interesting.
> >  http://www.mail-archive.com/shorewall-users@lists.sourceforge.net/msg03986.html
> >  http://www.mail-archive.com/shorewall-users@lists.sourceforge.net/msg03985.html
> > 
> > Please note that the initial reason for the above pinning down NFS ports
> > is firewall-friendly behavior and sane rules. With NFS, most involved
> > services use random ports by default, particularly statd, lockd, mountd,
> > rquotad. Which leads to somewhat unsatisfying rules as shown in [1].
> > 
> > 
> > The init script shipped by SuSE offers no way whatsoever to pass
> > rpc.statd options, even though it does for rpc.mountd -- and thus no way
> > to pin down the port out-of-the-box short of hacking the init script.

> which is not that correct. all nfs related init scripts are marked
> config. hence all change you do to the init scripts will be preserved on
> upgrades, as long we dont change the init script. if the init script got
> changed it will copy your file to foo.rpmsave and put the new file in
> place. you can later merge your changes into the new file. anyway

This is irrelevant. I did not claim the changes would be overwritten.

The point is not about this being impossible, but about confusing and
inconsistent options.

Following your logic -- why the need for $MOUNTD_PORT in the first
place? Or rather /etc/sysconfig/nfs altogether, since you always can
edit the init script...

> there are many sysconfig variables for nfs already. if you see the need
> for more the best thing would be to open a bug.[1]

Sorry, won't. I am not a SuSE user and not going to argue about this on
bugzilla. Also, I'm not complaining either, merely pointing out the
options.

> hope this helps

Actually, it doesn't. :)  There's still the need to edit the init
script, even though there is an options file intended solely for the
purpose of avoiding this and keeping your settings in a sane place.

  guenther  - who got his share of bugzilla accounts already

-- 
char *t="\10pse\0r\0dtu\0. at ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}