config files obfuscation [was: Configuring NFS under Linux for Firewall control]
Paul W. Frields
paul at frields.com
Thu Dec 2 15:38:57 UTC 2004
On Thu, 2004-12-02 at 08:21 -0500, Paul W. Frields wrote:
> On Wed, 2004-12-01 at 19:25 -0500, Charles R. Anderson wrote:
> > On Wed, Dec 01, 2004 at 05:42:50PM -0500, Paul W. Frields wrote:
> > > On Wed, 2004-12-01 at 14:02 -0800, Florin Andrei wrote:
> > > > Perhaps don't leave the *PORT variables empty, but add sensible values?
> > >
> > > Sensible values will be widely variant from one location to the next. A
> > > "sensible value" is one that gets through *your* firewall. What's there
> > > should be good enough for even the laziest admin, IMHO, and yes, I
> > > resemble that remark too. :-)
> >
> > There are "standard" port numbers for some of these:
> >
> > MOUNTD_PORT=635
> > NFSD_PORT=2049
>
> For rpc.nfsd, you're right on. Sorry about that. For rpc.mountd and
> rpc.statd, the man pages show that ports are assigned randomly by
> portmap. Is that not correct?
As a correction to my correction, the current initscript for nfs doesn't
make any allowance for changing the listening port for nfsd. This is not
a value judgment, just an observation.
Bill Nottingham: Would you agree that bugs for these config files should
go, then, against the packages to which they refer (e.g. nfs-utils
for /etc/sysconfig/nfs)? Do you have any insight into whether the
maintainers would be interested in even doing this? I'll be happy to
file the tracker bug and the candidate for /etc/sysconfig/nfs to get
things started, if so.
--
Paul W. Frields, RHCE
More information about the devel
mailing list