On Thu, 2010-04-08 at 03:37 +0200, Marco d'Itri wrote:
> On Apr 05, Ben Hutchings <b...@decadent.org.uk> wrote:
>
> > > echo "mountd statd portmap lockd: ALL" >> /etc/hosts.deny
> > > # the second line is actually not needed, but shows that the problem is
> > > # not a wrong service name
> > > echo "32767: ALL" >> /etc/hosts.deny
> > >
> > > telnet servername 32767
> >
> > Port number 32767 is meaningless since SunRPC ports are dynamically
> > assigned. You'll need to look at 'rpcinfo -p' to see which service is
> > on which port, then specify which *service* is not being wrapped.
> I am aware of this, as explained above.
>
> > So far as I can see, rpc.mountd is using libwrap0 while the NFS server
> > is not because, er, it's in the kernel. What do you expect?
> This is not about the NFS server but mountd, which I configured to use
> port 32767 with the -p command line option. strace shows no attempt to
> access /etc/hosts.*.

Did you try to mount from the same host? Local addresses (i.e.
addresses bound to an interface) are specifically excluded from
checking. Also note that mountd caches host decisions so long as the
hosts.{allow,deny} files are unchanged.

> BTW, I think it would also be useful to be able to bind the kernel lockd
> to localhost since NFSv4 does not require remote access to it.

Then report a wishlist bug for that.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.