url(4) receive filter/ioctl handling cleanup

2012-10-18 Thread Brad Smith
OpenBSD'ify the receive filter handling and clean up some of the ioctl bits.

Re: bind mountd to a specified port

2012-10-18 Thread Sebastian Reitenbach
On Thursday, 18 October 2012 20:50 CEST, Bob Beck wrote: > > Anyways, since in my case, I only need a read-only export, I can also go > > with sharing the files via http. > > Both networks that are separated with the firewall, have about the same > > trust level. > > So now someone could

Re: bind mountd to a specified port

2012-10-18 Thread Theo de Raadt
> On Thu, Oct 18, 2012, at 12:17 PM, Theo de Raadt wrote: > > As you note, this has come up before, and the same reasons exist then > > as now. > > > > The security model makes no sense: firewall, but allow NFS. > > It may make no sense to you, but that doesn't mean it makes no sense to > everyon

Re: bind mountd to a specified port

2012-10-18 Thread Shawn K. Quinn
On Thu, Oct 18, 2012, at 12:17 PM, Theo de Raadt wrote: > As you note, this has come up before, and the same reasons exist then > as now. > > The security model makes no sense: firewall, but allow NFS. It may make no sense to you, but that doesn't mean it makes no sense to everyone, especially th

Re: bind mountd to a specified port

2012-10-18 Thread Bob Beck
> Anyways, since in my case, I only need a read-only export, I can also go with > sharing the files via http. > Both networks that are separated with the firewall, have about the same trust > level. > So now someone could argue, why the hell a firewall in there at all, but > that's a different t

Re: bind mountd to a specified port

2012-10-18 Thread Sebastian Reitenbach
On Thursday, 18 October 2012 19:17 CEST, Theo de Raadt wrote: > As you note, this has come up before, and the same reasons exist then > as now. > > The security model makes no sense: firewall, but allow NFS. Yes, it's not optimal ;) Before with my search, I only found the one I pointed

Re: bind mountd to a specified port

2012-10-18 Thread Theo de Raadt
As you note, this has come up before, and the same reasons exist then as now. The security model makes no sense: firewall, but allow NFS. > getting NFS through a firewall is not that trivial with mountd binding to a > random port each time it starts. > The patch below allows to specify a port wh

bind mountd to a specified port

2012-10-18 Thread Sebastian Reitenbach
Hi, getting NFS through a firewall is not that trivial with mountd binding to a random port each time it starts. The patch below allows specifying a port which mountd will use. The idea and the patch are not from me. 99% is based on an old patch submitted to tech@ in 2007: http://old.nabble.com/

Re: relayd: add new load balancing scheduling algorithms

2012-10-18 Thread Reyk Floeter
Hi! On Mon, Oct 15, 2012 at 01:44:01PM +0200, Reyk Floeter wrote: > the following diff adds support for the following scheduling algorithms: > > relays + rdrs: > - source-hash > - random > rdrs: > - least-states > I was actually wrong about source-hash and random, they do not work with pf table