http://bugzilla.novell.com/show_bug.cgi?id=543911

User nfbrown@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=543911#c11

Neil Brown <nfbrown@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEEDINFO
      Info Provider|                            |lnussel@novell.com

--- Comment #11 from Neil Brown <nfbrown@novell.com> 2009-11-02 17:15:25 MST ---
(In reply to comment #10)
> Will that work in the context of SuSEfirewall (which, for NFSv3, obtains the
> rpc port numbers dynamically) or will they remain bound to the same port?

That is a very good point. statd is the only service which this might be a
problem for.

If statd was started without specifying a port to use (as is normal) it will
typically choose different port numbers for UDP and TCP. If we kill and
restart it, it is not possible to ask it to choose the same two port numbers.
If a port number is specified, it will be used for both UDP and TCP.

So the options seem to be to either
 - rerun the firewall rules after restarting statd
 - not restart statd if there is a firewall active.
 - hard code a number to be used by statd always

While the last would be simplest, it is not possible to choose a number that
will always be free.
The second would also be fairly simple I suspect, if we found a security hole
in statd, we would really want it to be restarted on an update.

So that leaves the first option. I think that would be

    if [ -e /sbin/SuSEfirewall2 ]; then
        if /sbin/SuSEfirewall2 status < /dev/null > /dev/null
        then
            /sbin/SuSEfirewall2 on > /dev/null
        fi
    fi

Ludwig: I think you are the maintainer of SuSEfirewall2 - would that be a
safe thing to put in /etc/init.d/nfs to run after 'statd' has been restarted
in response to "/etc/init.d/nfs restart" ??

Thanks.
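
Added example, not part of the original comment or of the nfs init script: a sketch of how a restart path could tell whether statd's UDP/TCP ports moved, and therefore whether firewall rules derived from the old registration are stale. It assumes the standard `rpcinfo -p` listing format and RPC program number 100024 (status); the function names and the three snapshots are constructed for illustration.

```shell
#!/bin/sh
# statd_ports: read `rpcinfo -p` output on stdin and print
# "udp=<port> tcp=<port>" for RPC program 100024 (status, i.e. rpc.statd).
statd_ports() {
    awk '$1 == 100024 && $3 == "udp" { udp = $4 }
         $1 == 100024 && $3 == "tcp" { tcp = $4 }
         END { printf "udp=%s tcp=%s\n", udp, tcp }'
}

# firewall_stale BEFORE AFTER: exit 0 when statd's registered ports differ
# between the two snapshots, i.e. rules built from BEFORE no longer match.
firewall_stale() {
    old=$(printf '%s\n' "$1" | statd_ports)
    new=$(printf '%s\n' "$2" | statd_ports)
    [ "$old" != "$new" ]
}

# Constructed snapshot: statd started without a port, so UDP and TCP differ.
BEFORE='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  52417  status
    100024    1   tcp  38765  status'

# Constructed snapshot after a restart: both ports were chosen afresh.
AFTER='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  41903  status
    100024    1   tcp  60112  status'

# Constructed snapshot: statd started with an explicit port, used for both
# protocols, so a restart leaves the registration unchanged.
PINNED='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   4000  status
    100024    1   tcp   4000  status'

if firewall_stale "$BEFORE" "$AFTER"; then
    echo "statd ports changed: firewall rules need to be rerun"
fi
if ! firewall_stale "$PINNED" "$PINNED"; then
    echo "statd ports unchanged: existing rules still match"
fi
```

In an init script the two snapshots would come from running `rpcinfo -p` immediately before and after statd is restarted.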