On Mon, Jan 19, 2009 at 09:08:11AM -0500, Steve Dickson wrote: > The discussion about the fact mountd (statd) no longer accept connections from > unknown IP address (similar to other system daemon) due to a "fix" in the tcp > wrapper code is at: This is not a change in tcp_wrapper, but in nfs-utils. And as far as I can tell this is not already upstream, so this looks like (but I may be wrong) a fedora specific change in mountd. I think that it is a very questionable change. Maybe it makes sense for NFSv4 (but is mountd involved in NFSv4?), but for NFSv3, it doesn't make sense to me, since there is no security at all in any case. I may very well be missing something, though. > Through some side bar discussion it been suggested an update to > the man page is probably need (which I agree) and maybe a flag > of some sort to allow unknown IP address access. I must admit, I'm > a bit hesitant to do the later, since I don't think its a good idea > to allow unknown client access any system daemon... Why not? Forcing reverse DNS lookup to be working seems to me to be quite extreme. In a typical local network, for NFSv3, not having reverse lookup working for clients seems quite natural to me, especially on NATed networks. -- Pat -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
