Date: Fri, 15 Jun 2007 18:47:07 +0100
From: "Bruce M. Simpson" <bms@incunabulum.net>
To: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Cc: freebsd-net@FreeBSD.org, Jeremie Le Hen <jeremie@le-hen.org>
Subject: Re: Firewalling NFS
Message-ID: <4672D09B.9030100@incunabulum.net>
In-Reply-To: <20070615105950.GH3779@void.codelabs.ru>
References: <20070615072734.GC8093@obiwan.tataz.chchile.org> <20070615105950.GH3779@void.codelabs.ru>

Eygene Ryabinkin wrote:
> NFSD binds to the port nfsd (2049) and for my -CURRENT both lockd
> and statd have '-p' options:
> -----
> $ man rpc.lockd rpc.statd | grep -- -p
>      rpc.lockd [-d debug_level] [-g grace period] [-p port]
>      -p      The -p option allow to force the daemon to bind to the specified
>      rpc.statd [-d] [-p port]
>      -p      The -p option allow to force the daemon to bind to the specified
> -----
> Are we talking about same entities?
>

I added the -p switch to mountd(8) a few years ago, as I needed to run a
read-only NFS server exposed to the outside world; to firewall it I needed
a deterministic RPC port number, which is what -p gives you. Otherwise you
have to rely on the TCP wrapper support built into rpcbind(8).

The rpc.lockd and rpc.statd daemons were recently changed to incorporate
this switch too, although I don't think it has been backported to the
6-STABLE branch yet.

Regards,
BMS
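
A check that follows from the message above, as an added example that is not part of the original e-mail: it compares `rpcinfo -p` output with the ports pinned via -p, so a daemon that fell back to a dynamic port is noticed before the firewall rules stop matching it. Ports 4045-4047 and the sample rpcinfo output are constructed assumptions; only 2049 comes from the thread.

```shell
#!/bin/sh
# Added example: audit RPC registrations against the ports pinned with -p.
# service=port pairs; 4045-4047 are illustrative choices, not from the thread.
EXPECTED="mountd=4046 nlockmgr=4045 status=4047 nfs=2049"

# Reads `rpcinfo -p` output on stdin. Prints one DRIFT line for every
# registration that is not on its pinned port and returns non-zero if any
# drift was found, so it can gate a firewall reload or a monitoring check.
check_rpc_ports() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                want[kv[1]] = kv[2]
            }
        }
        # Columns: program vers proto port service
        NF >= 5 && ($5 in want) && $4 != want[$5] {
            printf "DRIFT %s/%s on port %s, expected %s\n", $5, $3, $4, want[$5]
            bad = 1
        }
        END { exit bad }'
}

# Constructed sample: mountd and statd were started with -p, lockd was not
# (as on a branch where the -p switch has not been backported).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    3   udp   4046  mountd
    100005    3   tcp   4046  mountd
    100024    1   udp   4047  status
    100024    1   tcp   4047  status
    100021    4   udp   1011  nlockmgr
    100021    4   tcp   1009  nlockmgr
EOF
}

# On a real server use: rpcinfo -p | check_rpc_ports
sample_rpcinfo | check_rpc_ports || echo "pinned-port drift detected"
```

Each DRIFT line names a service whose firewall rule no longer matches the port it is actually listening on.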