On Thu, 2007-11-22 at 16:38 +0100, Marcus Rueckert wrote:
> On 2007-11-22 15:12:22 +0100, Karsten Bräckelmann wrote:
> > > > And impossible for SuSE out-of-the-box, given their
> > > > braindead [1] init scripts.
> > >
> > > what is so braindead about it?
> >
> > See these posts, the second one in particular. Also, my original
> > Shorewall rules and documentation might be interesting.
> >
> >   http://www.mail-archive.com/[EMAIL PROTECTED]/msg03986.html
> >   http://www.mail-archive.com/[EMAIL PROTECTED]/msg03985.html
> >
> > Please note that the initial reason for the above pinning down NFS ports
> > is firewall-friendly behavior and sane rules. With NFS, most involved
> > services use random ports by default, particularly statd, lockd, mountd,
> > rquotad. Which leads to somewhat unsatisfying rules as shown in [1].
> >
> >
> > The init script shipped by SuSE offers no way whatsoever to pass
> > rpc.statd options, even though it does for rpc.mountd -- and thus no way
> > to pin down the port out-of-the-box short of hacking the init script.
>
> which is not that correct. all nfs related init scripts are marked
> config. hence all changes you do to the init scripts will be preserved on
> upgrades, as long as we don't change the init script. if the init script got
> changed it will copy your file to foo.rpmsave and put the new file in
> place. you can later merge your changes into the new file. anyway

This is irrelevant. I did not claim the changes would be overwritten.

The point is not about this being impossible, but about confusing and
inconsistent options. Following your logic -- why the need for
$MOUNTD_PORT in the first place? Or rather /etc/sysconfig/nfs
altogether, since you always can edit the init script...

> there are many sysconfig variables for nfs already. if you see the need
> for more the best thing would be to open a bug.[1]

Sorry, won't. I am not a SuSE user and not going to argue about this on
bugzilla. Also, I'm not complaining either, merely pointing out the
options.

> hope this helps

Actually, it doesn't. :)  There's still the need to edit the init
script, even though there is an options file intended solely for the
purpose of avoiding this and keeping your settings in a sane place.

  guenther  - who got his share of bugzilla accounts already

-- 
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
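
The port pinning discussed in the quoted text above, as an added example that is not part of the original thread: a check that compares `rpcinfo -p` output against the ports statd, lockd, mountd and rquotad are meant to be pinned to, so that drift from the firewall rules is noticed. The port numbers, the function names and the sample output are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example: audit registered RPC ports against the pinned NFS helper ports.

# Assumed pin values for this example (service name as shown by rpcinfo = port).
EXPECTED_PORTS='status=32765 nlockmgr=32768 mountd=32767 rquotad=32769'

# Constructed sample of `rpcinfo -p` output; rquotad is left unpinned on purpose.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100021    4   udp  32768  nlockmgr
    100021    4   tcp  32768  nlockmgr
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
    100011    2   udp    959  rquotad
    100003    3   tcp   2049  nfs
EOF
}

# Reads `rpcinfo -p` output on stdin; $1 is the "service=port" list.
# Prints one DRIFT line per registration on an unexpected port and one
# MISSING line per expected service that is not registered at all.
audit_nfs_ports() {
    awk -v expected="$1" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
        }
        ($5 in want) {
            seen[$5] = 1
            if ($4 != want[$5])
                printf "DRIFT %s/%s on port %s, expected %s\n", $5, $3, $4, want[$5]
        }
        END {
            for (s in want) if (!(s in seen)) printf "MISSING %s not registered\n", s
        }
    '
}

# On a live server: rpcinfo -p | audit_nfs_ports "$EXPECTED_PORTS"
sample_rpcinfo | audit_nfs_ports "$EXPECTED_PORTS"
```

Empty output means every listed service is registered on its pinned port; any line of output is a service the firewall rules no longer match.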