Re: Firewall not applying some rules on startup
On Sun, 10 Apr 2005 09:12:49 -0400, Phil wrote in message
<42592651.4080900@cox.net>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> David Powell wrote:
> > Hello List,
> >
> > When my LAMP server first fires up it runs a firewall script, but
> > doesn't seem to be applying the rules that allow NFS connections.
> > If I then rerun the script manually, the NFS connections work
> > again.
> >
> > My script has the following sections (other stuff, hopefully not
> > relevant has been snipped).
> >
> > <-- Start Firewall script -->
> > # Get the ports for NFS mountd
> > NFSPORTS_ARRAY=`rpcinfo -p | awk '/mountd/ {print $4}' | sort | uniq`
> > for PORT_NUM in $NFSPORTS_ARRAY
> > do
> > if [ ! $NFSPORTS ]
> > then
> > NFSPORTS=$PORT_NUM
> > else
> > NFSPORTS="${NFSPORTS},${PORT_NUM}"
> > fi
> > done
>
> I'd say your firewall is starting up before nfs in your rc scripts, so
> your NFSPORTS_ARRAY is empty. Try changing the firewall to start up
> after nfs.
..that would leave it open for a wee while, no?
I'd rather just rerun the nfs firewalling, either from
rc.local or off an extra /etc/rc2.d/S22iptables link, if it's just
nfs, if you have more stuff later than /etc/rc2.d/S21nfs-common,
add more delay or extra /etc/rc2.d/SNNiptables links.
--
..med vennlig hilsen = with Kind Regards from Arnt... ;o)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
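
A sketch of the "rerun only the NFS part later" approach discussed above, as an added example that is not part of the original thread: the base ruleset loads early, and the NFS rules are added only once mountd has registered its ports, otherwise nothing is opened. The function names, the `apply` argument, the `NFS_CLIENTS` network and the multiport rules are assumptions, since the poster's actual iptables rules were snipped.

```shell
#!/bin/sh
# Added example, not from the thread. Run late in boot (e.g. from rc.local)
# as: nfs-fw.sh apply

# Constructed sample of `rpcinfo -p` output after mountd has registered.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100003    3   udp   2049  nfs
    100005    1   udp    745  mountd
    100005    1   tcp    748  mountd
    100005    2   udp    745  mountd
    100005    2   tcp    748  mountd'

# Read `rpcinfo -p` text on stdin; print mountd ports as "745,748".
# Prints an empty line when mountd is not registered.
mountd_ports() {
    awk '$5 == "mountd" && $4 ~ /^[0-9]+$/ {print $4}' | sort -un | paste -sd, -
}

# Poll rpcinfo up to $1 times (default 10), one second apart.
# Prints the port list and returns 0, or returns 1 if mountd never shows up.
wait_for_mountd_ports() {
    tries=${1:-10}
    while [ "$tries" -gt 0 ]; do
        ports=$(rpcinfo -p 2>/dev/null | mountd_ports)
        if [ -n "$ports" ]; then
            printf '%s\n' "$ports"
            return 0
        fi
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

if [ "${1:-}" = "apply" ]; then
    NFS_CLIENTS=192.0.2.0/24   # assumption: placeholder client network
    if NFSPORTS=$(wait_for_mountd_ports 15); then
        # Assumed rule shape; substitute the rules from your own script.
        iptables -A INPUT -s "$NFS_CLIENTS" -p tcp -m multiport --dports "$NFSPORTS" -j ACCEPT
        iptables -A INPUT -s "$NFS_CLIENTS" -p udp -m multiport --dports "$NFSPORTS" -j ACCEPT
    else
        # Fail closed: leave the base ruleset untouched and say so.
        echo "mountd not registered with the portmapper; NFS rules not added" >&2
        exit 1
    fi
fi
```

Because the base rules are already in place when this runs, there is no window with the firewall down, and an empty port list produces an error instead of silently missing rules.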