From c4ea36ab15729cc00e8e23de62449f9a92f93911 Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov
Date: Tue, 17 Mar 2009 00:58:42 +0000
Subject: Automatically configuring NFS to use fixed ports when protecting with drakfirewall.
---
 lib/network/drakfirewall.pm | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
(limited to 'lib')
diff --git a/lib/network/drakfirewall.pm b/lib/network/drakfirewall.pm
index e00dfa6..7eb0e31 100644
--- a/lib/network/drakfirewall.pm
+++ b/lib/network/drakfirewall.pm
@@ -49,6 +49,8 @@ my @all_servers =
 pkg => 'nfs-utils nfs-utils-clients',
 ports => '111/tcp 111/udp 2049/tcp 2049/udp 4001/tcp 4001/udp 4002/tcp 4002/udp 4003/tcp 4003/udp 4004/tcp 4004/udp',
 hide => 1,
+ prepare => sub { prepare_nfs_services(); },
+ restart => 'nfs-common nfs-server',
 },
 {
 name => N_("Windows Files Sharing (SMB)"),
@@ -88,6 +90,23 @@ my @ifw_rules = (
 },
 );
+sub prepare_nfs_services {
+ # enabling fixed ports for NFS services
+ # nfs-common
+ substInFile {
+ s/^(STATD_OPTIONS)=$/$1="--port 4001"/;
+ s/^(STATD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port 4001$4"/;
+ s/^(LOCKD_)(TCP|UDP)(PORT)=.*/$1$2$3=4002/;
+ } "/etc/sysconfig/nfs-common";
+ # nfs-server
+ substInFile {
+ s/^(RPCMOUNTD_OPTIONS)=$/$1="--port 4003"/;
+ s/^(RPCMOUNTD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port 4003$4"/;
+ s/^(RPCRQUOTAD_OPTIONS)=$/$1="--port 4004"/;
+ s/^(RPCRQUOTAD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port 4004$4"/;
+ } "/etc/sysconfig/nfs-server";
+}
+
 sub port2server {
 my ($port) = @_;
 find {
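Review bot: The port numbers in this entry's `ports` list (4001-4004) now have to match the values that prepare_nfs_services() writes into the sysconfig files, and nothing in the entry says so. A comment above the two new keys would keep them from drifting apart, for example `# ports 4001-4004 must stay in sync with prepare_nfs_services()`. As a point of style, `prepare => \&prepare_nfs_services,` avoids the wrapper closure. The entry's opening lines are outside the hunk.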
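Review bot: The substitutions in prepare_nfs_services() only fire when the variable is exactly empty (`STATD_OPTIONS=`) or is double-quoted and already carries a `--port N`; a value such as `STATD_OPTIONS=""`, `STATD_OPTIONS="--no-notify"`, an unquoted value or a missing line is left untouched, and nothing reports it. In that case the daemon presumably keeps a dynamically assigned port while the firewall opens only 4001-4004, so the rule set and the listening ports disagree and NFS locking or mounting fails behind the firewall. A third pattern per variable would cover quoted values without a port, e.g. `s/^(STATD_OPTIONS)="(?!.*--port \d)(.*)"$/$1="$2 --port 4001"/;` placed after the existing two, and likewise for RPCMOUNTD_OPTIONS and RPCRQUOTAD_OPTIONS. It would also help to warn when no line matched, so the mismatch is visible to the administrator.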
@@ -296,12 +315,25 @@ sub main {
 choose_watched_services($in, $servers, $unlisted) or return;
 }
+ # preparing services when required
+ foreach (@$servers) {
+ exists $_->{prepare} and $_->{prepare}();
+ }
+
 my $ports = to_ports($servers, $unlisted);
+
 set_ports($in->do_pkgs, $disabled, $ports, $log_net_drop, $in) or return;
 # restart mandi
 require services;
 services::is_service_running("mandi") and services::restart("mandi");
+ # restarting services if needed
+ foreach my $service (@$servers) {
+ if ($service->{restart}) {
+ services::is_service_running($_) and services::restart($_) foreach split(' ', $service->{restart});
+ }
+ }
+
 ($disabled, $ports);
 }
--
cgit v1.2.1
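Review bot: The `prepare` loop runs before `set_ports(...) or return`, so the sysconfig files are rewritten even when set_ports fails or returns early, and, if set_ports is what installs the packages through `$in->do_pkgs` (not visible here), possibly before those files exist. Running it just after the `set_ports` line instead, as `$_->{prepare} and $_->{prepare}->() foreach @$servers;`, keeps the config change and the firewall rules together and matches the truthiness test used for `$service->{restart}`. The restart loop also discards whatever `services::restart($_)` returns; if a restart fails, the daemons stay on their old ports while the new rules are already active, so the result should be checked and a warning emitted. main's body begins outside the hunk.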