Hi,
while clearing (admittedly way too old) bugs I've found that for this bug
the reason here IMHO can be summarized as "because that is how upstream want's it" [1] but they are aware and so are the Ubuntu [2] (this still is what Shane & Dave started) and Debian [3] help pages about it.
Nowadays also the default config in /etc/default/nfs-kernel-server hints at the problem if you want/need to run with firewalls and hints at [3]:
```
# If you have a port-based firewall, you might want to set up
# a fixed port here using the --port option. For more information,
# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
```
I'm not a security person, so I can't assess if there really is a security (or other) benefit of having them random by default.
But OTOH I also doubt that no one has ever tried to discuss it with upstream since I find similar pages for almost any other major Distro [4][5] and manufacturers [6].
If anyone is really annoyed by this even today I guess the way to go is to discuss that default with upstream (or find old discussions and why they failed). If someone spends the work please add a link back here so no one needs to re-find them again.
Hi, nfs-kernel- server hints at the problem if you want/need to run with firewalls and hints at [3]: wiki.debian. org/SecuringNFS
while clearing (admittedly way too old) bugs I've found that for this bug
the reason here IMHO can be summarized as "because that is how upstream want's it" [1] but they are aware and so are the Ubuntu [2] (this still is what Shane & Dave started) and Debian [3] help pages about it.
Nowadays also the default config in /etc/default/
```
# If you have a port-based firewall, you might want to set up
# a fixed port here using the --port option. For more information,
# see rpc.mountd(8) or http://
```
I'm not a security person, so I can't assess if there really is a security (or other) benefit of having them random by default.
But OTOH I also doubt that no one has ever tried to discuss it with upstream since I find similar pages for almost any other major Distro [4][5] and manufacturers [6].
If anyone is really annoyed by this even today I guess the way to go is to discuss that default with upstream (or find old discussions and why they failed). If someone spends the work please add a link back here so no one needs to re-find them again.
[1]: https:/ /tldp.org/ HOWTO/NFS- HOWTO/security. html#FIREWALLS /wiki.ubuntu. com/How% 20to%20get% 20NFS%20working %20with% 20Ubuntu- CE-Firewall /wiki.debian. org/SecuringNFS /access. redhat. com/documentati on/en-us/ red_hat_ enterprise_ linux/6/ html/storage_ administration_ guide/s2- nfs-nfs- firewall- config /www.suse. com/support/ kb/doc/ ?id=000016649 /www.ibm. com/docs/ en/spectrum- scale/5. 1.0?topic= firewall- recommendations -protocol- access
[2]: https:/
[3]: https:/
[4]: https:/
[5]: https:/
[6]: https:/