Sorry to respond to my own question, but...
It was inevitable... Just after I sent the e-mail off, I discovered
what the "problem" was.
The thought pattern went something like this: "Hmmm... low ports, root uid,
no process... sounds like the kernel... but why would the kernel need...
ummmm...", followed by the wet-and-squishy sound of an obvious answer
presenting itself to me.
The machine is a NFS server, and _client_. The NFS client side is
handled in the kernel... one quick tcpdump confirmed my suspicion:
The ports are used for NFS client functionality. Each port is used
for a mount point.
So, the next question is:
How can I tell what port the kernel has picked for NFS client
traffic, so that I can treat it appropriately in the packet
filter?
Josh
-- -----------------------------Joshua E. Hill------------------------------ |We come into this world screaming, naked, and covered in bodily fluids.| | If we live our lives correctly, this never has to change... | ----------------------------jehill@nexis.org------------------------------ To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/