> On Tue, Jan 09, 2024 at 10:13:56AM +0300, 4 wrote:
> No need to be so dramatic, the ports only change when the service is
> restarted, so there is no need for constant monitoring and/or script
> running. Either you run the script (a one-liner, by the way, see below)
> on the server upon starting the daemon, or run it on the firewall via
> cron at appropriate intervals (I'm assuming you don't reboot your server
> every 10 minutes, so it can be run at large intervals).
>
> You may not find it "very pretty", but hey, it works fine. NFS over
> firewalls decidedly isn't great, but it's the smallest of my NFS woes.
> OT, they got to the moon with the computing power of a pocket
> calculator, and the physics of going to mars are pretty much the same,
> so I find your argument moot. Also, it's literally a one line script.
> Not exactly rocket science.
>
> rpcinfo -p a.b.c.d | awk 'NR>1 { print "pass inet proto " $3 " to port " $4 " flags any" }' | pfctl -a "portmap/$a" -f -

forget about the moon. with such a high-quality script you won't even be able to get to the nearest mcdonalds >_< even eighteen years ago this did much better.

i'm setting up a chinese ip-camera, and i need to restart nfs frequently for testing (yes, i later opened everything for the tests, but at first i didn’t understand the reason. and this camera is another example of something that will never reach the moon >:( hikvision - maybe you've heard? ;)).

although i'm already done with the camera, i still just don't understand why openbsd is "fighting in the wrong direction", because everyone else can do "-p" %\

“this is for your safety, please don’t leave the house” - oh, i’ve heard that somewhere before :D
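The following is an added example, not code from either poster: a version of the quoted `rpcinfo | awk | pfctl` pipeline that validates each field, emits every proto/port pair once, and leaves the anchor untouched when `rpcinfo` returns nothing usable. The function names, the sample output and the anchor name `portmap/nfs` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Reads `rpcinfo -p` output on stdin and prints pf rules in
# the same form as the quoted one-liner, skipping anything malformed.
rpc_to_pf_rules() {
    awk '
        NR == 1 { next }                                # header line
        NF < 4 { next }                                 # truncated line
        $3 != "tcp" && $3 != "udp" { next }             # unexpected protocol
        $4 !~ /^[0-9]+$/ { next }                       # port is not a number
        ($4 + 0) < 1 || ($4 + 0) > 65535 { next }       # port out of range
        seen[$3 "/" $4]++ { next }                      # pair already emitted
        { print "pass inet proto " $3 " to port " $4 " flags any" }
    '
}

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    2   tcp   2049  nfs
    100005    3   udp    871  mountd
    100005    3   tcp  99999  mountd
    100024    1  icmp    600  status
EOF
}

# Hypothetical wrapper: load_rules a.b.c.d portmap/nfs
# Loading an empty ruleset would replace the anchor with nothing, so refuse
# to call pfctl when the query failed or produced no valid rule.
load_rules() {
    host=$1 anchor=$2
    rules=$(rpcinfo -p "$host" | rpc_to_pf_rules)
    if [ -z "$rules" ]; then
        echo "no usable rpcinfo output from $host; anchor $anchor unchanged" >&2
        return 1
    fi
    printf '%s\n' "$rules" | pfctl -a "$anchor" -f -
}
```

Run from cron on the firewall or after the daemon starts on the server, `load_rules` keeps the previous rules in place if the portmapper is briefly unreachable during a restart.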