On Wed, Sep 24, 2014 at 11:21:50AM -0400, Steve Dickson wrote: > > > On 09/23/2014 04:41 PM, Trond Myklebust wrote: > > On Tue, Sep 23, 2014 at 3:07 AM, Jan Chaloupka <jchaloup@xxxxxxxxxx> wrote: > >> mountd tcp wrappers support only NFSv2 and NFSv3, not NFSv4. > >> > >> https://bugzilla.redhat.com/show_bug.cgi?id=1116283 > >> > >> This patch updates the man page > >> > >> Signed-off-by: Jan Chaloupka <jchaloup@xxxxxxxxxx> > >> --- > >> utils/mountd/mountd.man | 2 ++ > >> 1 file changed, 2 insertions(+) > >> > >> diff --git a/utils/mountd/mountd.man b/utils/mountd/mountd.man > >> index a8828ae..1aae75b 100644 > >> --- a/utils/mountd/mountd.man > >> +++ b/utils/mountd/mountd.man > >> @@ -217,6 +217,8 @@ listeners using the > >> .B tcp_wrapper > >> library or > >> .BR iptables (8). > >> +Tcp wrappers are only in effect with NFS version 2 and 3 mounts. > >> +They do not work with NFS version 4. > >> .PP > >> Note that the > >> .B tcp_wrapper > >> > > > > Is there any point to compiling mountd with the tcp wrappers in this > > day and age? > >From an upstream point of view... Sure... But I don't think > we can remove them from the man pages... > > > > tcp wrappers isn't enforced by knfsd, so as the above > > manpage change indicates it really is only blocking NFSv2/v3 _mount_ > > attempts. > > > > If you can use NFSv4, or sniff the NFSv2/v3 traffic or even just guess > > NFSv2/v3 filehandles, then tcp wrappers can be 100% circumvented. > > > You would be surprised on the amount of people that still use > them... I'd also be surprised if any of them really understand how little they do in this case. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
