Hi, while clearing (admittedly way too old) bugs I've found that for this bug the reason here IMHO can be summarized as "because that is how upstream want's it" [1] but they are aware and so are the Ubuntu [2] (this still is what Shane & Dave started) and Debian [3] help pages about it. Nowadays also the default config in /etc/default/nfs-kernel-server hints at the problem if you want/need to run with firewalls and hints at [3]: ``` # If you have a port-based firewall, you might want to set up # a fixed port here using the --port option. For more information, # see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS ```
I'm not a security person, so I can't assess if there really is a security (or other) benefit of having them random by default. But OTOH I also doubt that no one has ever tried to discuss it with upstream since I find similar pages for almost any other major Distro [4][5] and manufacturers [6]. If anyone is really annoyed by this even today I guess the way to go is to discuss that default with upstream (or find old discussions and why they failed). If someone spends the work please add a link back here so no one needs to re-find them again. [1]: https://tldp.org/HOWTO/NFS-HOWTO/security.html#FIREWALLS [2]: https://wiki.ubuntu.com/How%20to%20get%20NFS%20working%20with%20Ubuntu-CE-Firewall [3]: https://wiki.debian.org/SecuringNFS [4]: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/storage_administration_guide/s2-nfs-nfs-firewall-config [5]: https://www.suse.com/support/kb/doc/?id=000016649 [6]: https://www.ibm.com/docs/en/spectrum-scale/5.1.0?topic=firewall-recommendations-protocol-access -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/28706 Title: need way to specify the lockd port To manage notifications about this bug go to: https://bugs.launchpad.net/module-init-tools/+bug/28706/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
