On Wed, Sep 16, 2015 at 9:25 AM, Steve Dickson <SteveD@xxxxxxxxxx> wrote: > > > > On 09/15/2015 03:15 PM, Soumya Koduri wrote: > > > > > > On 09/15/2015 12:00 AM, Malahal Naineni wrote: > >> Steve Dickson [SteveD@xxxxxxxxxx] wrote: > >>> Hello, > >>> > >>> On 09/14/2015 09:11 AM, Soumya Koduri wrote: > >>>> Hi, > >>>> > >>>> In the latest Linux distributions (Fedora), ports 2049 (nfs) and 20048 (mountd) are configured to be opened by default by firewalld service. > >>>> > >>>> Files: '/usr/lib/firewalld/services/nfs.xml' & '/usr/lib/firewalld/services/mountd.xml'. > >>> Hmm... I didn't know about this... We should probably > >>> set the -p 20048 by default via /etc/sysconfig/nfs file or maybe the systemd script? > >> > >> I believe, mountd already uses /etc/services file by default. So > >> specifying it in /etc/services would be good. I think RHEL7 has one for > >> mountd. This is specific to NFSv3 anyway... > >> > > > > From '/etc/services' & [1], looks like port# '20048' has been registered to be used by mountd service. Does it help if we have ports registered for other services too then? Or is it better to keep them dynamic and leave it to admin to choose & edit '/etc/sysconfig/nfs' file as required. > > > > [1] http://www.iana.org/assignments/port-numbers > > > > I'm thinking its better to leave it up to the admins... > If that is the case, is there any way to tie the ports assigned to /etc/sysconfig/nfs etc to a set of firewall rules that open those ports for incoming traffic? Having to adjust 2 sets of configurations every time you want to assign a new port is a potential source of errors. Trond -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
