Date: Tue, 8 May 2012 07:13:47 -0400 (EDT)
From: Rick Macklem <rmacklem@uoguelph.ca>
To: Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
Cc: freebsd-fs@freebsd.org
Subject: Re: NFSv4 Questions
Message-ID: <1387389132.59565.1336475627040.JavaMail.root@erie.cs.uoguelph.ca>
In-Reply-To: <alpine.GSO.2.01.1205072034320.1678@freddy.simplesystems.org>

Bob Friesenhahn wrote:
> On Mon, 7 May 2012, Rick Macklem wrote:
>
> > It is my understanding that NFSv4 servers are not supposed to require
> > a "reserved" port#. However, at a quick glance, I can't find that stated
> > in RFC 3530. (It may be implied by the fact that NFSv4 uses a "user" based
> > security model and not a "host" based one.)
> >
> > As such, the client should never need to "waste" a reserved port# on
> > a NFSv4 connection.
>
> Firewalls might use the reserved port as part of a filtering
> algorithm.
>
Hmm, since the IETF working group was determined to "get rid of this bunk
w.r.t. reserved port #s being used to enhance security", I might argue
that said firewalls were misconfigured/broken.

However, I can see an argument that, instead of silently ignoring the
option, it should be obeyed, but with a note in the man page that it
shouldn't be used for NFSv4.

rick

> Bob
> --
> Bob Friesenhahn
> bfriesen@simple.dallas.tx.us,
> http://www.simplesystems.org/users/bfriesen/
> GraphicsMagick Maintainer, http://www.GraphicsMagick.org/