[ adding the list back to Cc ] On Thu, 2007-11-22 at 14:28 +0100, Marcus Rueckert wrote: > On 2007-11-22 13:31:59 +0100, Karsten Bräckelmann wrote: > > And impossible for SuSE out-of-the-box, given their > > braindead [1] init scripts. > > what is so braindead about it?
See these posts, the second one in particular. Also, my original Shorewall rules and documentation might be interesting. http://www.mail-archive.com/[EMAIL PROTECTED]/msg03986.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg03985.html Please note that the initial reason for the above pinning down NFS ports is firewall-friendly behavior and sane rules. With NFS, most involved services use random ports by default, particularly statd, lockd, mountd, rquotad. Which leads to somewhat unsatisfying rules as shown in [1]. The init script shipped by SuSE offers no way whatsoever to pass rpc.statd options, even though it does for rpc.mountd -- and thus no way to pin down the port out-of-the-box short of hacking the init script. Marcus, please feel free to keep me posted on this issue and a fix. I'll happily forward updates to the Shorewall lists. guenther [1] http://shorewall.net/ports.htm#NFS -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
