
Re: Firewall not applying some rules on startup



On Sun, 10 Apr 2005 09:12:49 -0400, Phil wrote in message 
<42592651.4080900@cox.net>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> David Powell wrote:
> > Hello List,
> > 
> > When my LAMP server first fires up it runs a firewall script, but 
> > doesn't seem to be applying the rules that allow NFS connections. 
> > If I then rerun the script manually, the NFS connections work
> > again.
> > 
> > My script has the following sections (other stuff, hopefully not 
> > relevant, has been snipped).
> > 
> > <-- Start Firewall script -->
> > # Get the ports for NFS mountd
> > NFSPORTS_ARRAY=`rpcinfo -p | awk '/mountd/ {print $4}' | sort | uniq`
> > for PORT_NUM in $NFSPORTS_ARRAY
> > do
> >      if [ ! $NFSPORTS ]
> >      then
> >          NFSPORTS=$PORT_NUM
> >      else
> >          NFSPORTS="${NFSPORTS},${PORT_NUM}"
> >      fi
> > done
> 
> I'd say your firewall is starting up before nfs in your rc scripts, so
> your NFSPORTS_ARRAY is empty. Try changing the firewall to start up
> after nfs.

..that would leave it open for a wee while, no?
I'd rather just rerun the nfs firewalling, either from
rc.local or off an extra /etc/rc2.d/S22iptables link, if it's just
nfs; if you have more stuff later than /etc/rc2.d/S21nfs-common,
add more delay or extra /etc/rc2.d/SNNiptables links.

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;o)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
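
As an added example (not code from this thread or from either poster's script): one way to build the NFSPORTS list so that an empty `rpcinfo -p` result at boot is detected instead of silently producing no NFS rule, letting the firewall start early and the NFS part be retried later. The function names, the RPCINFO override and the sample rpcinfo output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; names below are hypothetical, not from the original script.

# Constructed sample `rpcinfo -p` output: once NFS is up, and early in boot.
SAMPLE_UP='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100005    1   udp    789  mountd
    100005    1   tcp    792  mountd
    100005    2   udp    789  mountd
    100003    2   udp   2049  nfs'
SAMPLE_BOOT='   program vers proto   port  service
    100000    2   tcp    111  portmapper'

# Hypothetical override so the lookup can be exercised without a portmapper.
: "${RPCINFO:=rpcinfo -p}"

# Read `rpcinfo -p` output on stdin and print the unique mountd ports as a
# comma-separated list (the NFSPORTS value). Return 1 if mountd is absent,
# which is the boot-time case described in the thread.
mountd_ports() {
    ports=$(awk '$5 == "mountd" { print $4 }' | sort -n | uniq | paste -sd, -)
    [ -n "$ports" ] || return 1
    printf '%s\n' "$ports"
}

# wait_for_mountd_ports TRIES DELAY
# Poll until mountd has registered, then print the port list. Return 1 when
# the attempts run out, so the caller keeps NFS closed and retries later
# (for example from rc.local) rather than starting the whole firewall late.
wait_for_mountd_ports() {
    tries=$1
    delay=$2
    while [ "$tries" -gt 0 ]; do
        if $RPCINFO 2>/dev/null | mountd_ports; then
            return 0
        fi
        tries=$((tries - 1))
        sleep "$delay"
    done
    return 1
}

# Demonstration on the constructed sample: prints 789,792
printf '%s\n' "$SAMPLE_UP" | mountd_ports
```

A firewall script would apply its NFS rules only when `wait_for_mountd_ports` succeeds, and log the failure otherwise so the later rerun is known to be needed.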



