On 09/23/2014 04:41 PM, Trond Myklebust wrote: > On Tue, Sep 23, 2014 at 3:07 AM, Jan Chaloupka <jchaloup@xxxxxxxxxx> wrote: >> mountd tcp wrappers support only NFSv2 and NFSv3, not NFSv4. >> >> https://bugzilla.redhat.com/show_bug.cgi?id=1116283 >> >> This patch updates the man page >> >> Signed-off-by: Jan Chaloupka <jchaloup@xxxxxxxxxx> >> --- >> utils/mountd/mountd.man | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/utils/mountd/mountd.man b/utils/mountd/mountd.man >> index a8828ae..1aae75b 100644 >> --- a/utils/mountd/mountd.man >> +++ b/utils/mountd/mountd.man >> @@ -217,6 +217,8 @@ listeners using the >> .B tcp_wrapper >> library or >> .BR iptables (8). >> +Tcp wrappers are only in effect with NFS version 2 and 3 mounts. >> +They do not work with NFS version 4. >> .PP >> Note that the >> .B tcp_wrapper >> > > Is there any point to compiling mountd with the tcp wrappers in this > day and age? >From an upstream point of view... Sure... But I don't think we can remove them from the man pages... > tcp wrappers isn't enforced by knfsd, so as the above > manpage change indicates it really is only blocking NFSv2/v3 _mount_ > attempts. > > If you can use NFSv4, or sniff the NFSv2/v3 traffic or even just guess > NFSv2/v3 filehandles, then tcp wrappers can be 100% circumvented. > You would be surprised on the amount of people that still use them... steved. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
