On Wed, Apr 26, 2006 at 02:13:06PM +0200, Steinar H. Gunderson wrote: > On Wed, Apr 26, 2006 at 06:36:59AM -0500, David McGiven wrote: > > The newer 2.6 series kernels support configuring the TCP/UDP port number > > of the kernel lockd via the files /proc/sys/fs/nfs/nlm_tcpport and > > /proc/sys/fs/nfs/nlm_udpport. > > Actually, I've been considering locking both lockd, mountd and statd to given > ports (see bugs #231074 and #289958, for instance) by default, but there are > two things that must be considered first: Other similar bugs to that problem (portmapper asigning ports of well-known-services) include #261484, #257876 and #306465 Those bugs could be prevented by the local admin by using the portreserve program and configuring it properly (I'm not aware of any package providing portreserve configurations so that the admin does not have to define them). For further information read the full thread at http://lists.debian.org/debian-devel/2005/09/msg01062.html Maybe the submitters of #231074 and #289958 should be pointed to portreserve as an alternative to fix their problem. After all the thread in debian-devel I packaged and submitted portreserve. I wonder why I don't see it being widely used. Either people are not aware of it, or it's a good solution to this (generic) issue. Regards Javier
Attachment:
signature.asc
Description: Digital signature