> On Tue, Jan 09, 2024 at 10:13:56AM +0300, 4 wrote:
> No need to be so dramatic, the ports only change when the service is
> restarted, so there is no need for constant monitoring and/or script
> running. Either you run the script (a one-liner, by the way, see below)
> on the server upon starting the daemon, or run it on the firewall via
> cron at appropriate intervals (I'm assuming you don't reboot your server
> every 10 minutes, so it can be run at large intervals).
> You may not find it "very pretty", but hey, it works fine. NFS over
> firewalls decidedly isn't great, but it's the smallest of my NFS woes.
> OT, they got to the moon with the computing power of a pocket
> calculator, and the physics of going to mars are pretty much the same,
> so I find your argument moot. Also, its literally a one line script.
> Not exactly rocket science.
> rpcinfo -p a.b.c.d | awk 'NR>1 { print "pass inet proto " $3 " to port "
> $4 " flags any" }' | pfctl -a "portmap/$a" -f -
forget about the moon. with such a high-quality script you won't even be able
get to the nearest mcdonalds >_< even eighteen years ago this did much better.
i'm setting up a chinese ip-camera, and i need to restart nfs frequently for
testing(yes, i later opened everything for the tests, but at first i didn’t
understand the reason. and this camera is another example of something that
will never reach the moon >:( hikvision- maybe you've heard? ;)). although with
the camera is already ended, but i just still don't understand why openbsd is
"fighting in the wrong direction", because everyone else can do "-p" %\ “this
is for your safety, please don’t leave the house”- oh, i’ve heard that
somewhere before :D
