Re: iptables and NFS

To: ghe@upsa.es, debian-firewall@lists.debian.org
Subject: Re: iptables and NFS
From: "Joao Victor A. Di Stasi" <jvictor_rj@yahoo.com.br>
Date: Thu, 29 Dec 2005 18:47:48 -0200
Message-id: <[🔎] 43B44B74.2030602@yahoo.com.br>
In-reply-to: <[🔎] 1134428956.10544.20.camel@stewie>
References: <[🔎] 1134428956.10544.20.camel@stewie>

My solutions was:

in my rc.firewall (part of)

#Portas NFS
NFSTCP=`rpcinfo -p | grep -v program| awk '{ print $3 " " $4 }' | sort |
uniq |\
grep tcp | awk '{print $2}' | xargs| sed 's/ /,/g'`
NFSUDP=`rpcinfo -p | grep -v program| awk '{ print $3 " " $4 }' | sort |
uniq |\
grep udp | awk '{print $2}' | xargs| sed 's/ /,/g'`
#
$IPTABLES -N NFS
$IPTABLES -N PESC
$IPTABLES -A INPUT -p tcp -m multiport --dport $NFSTCP -j NFS
$IPTABLES -A INPUT -p udp -m multiport --dport $NFSUDP -j NFS
$IPTABLES -A NFS -j PESC
$IPTABLES -A NFS -j DROP
$IPTABLES -A PESC -s 10.0.0.0/24 -j ACCEPT
$IPTABLES -A PESC -s 10.2.0.0/24 -j ACCEPT

works fine for me.


Happy new year
Feliz Ano novo!!!!

Ghe Rivero escreveu:

>Hi everyone,
>	we are going to use netfilter for our main firewall at University and a
>couples of dudes come to my mind now:
>	
>	1.- Since we have severals machines (around 50)  and all king of
>services, which is the best way to have everything more or less order?
>	2.- NFS use dinamic ports on conenctions with the clients. Howis it
>supposed to be firewaled (The same can be for some Windows isssues)
>	Thx in advanced to everyone!
>
>	Ghe Rivero
>
>  
>


	

	
		
_______________________________________________________ 
Yahoo! doce lar. Faça do Yahoo! sua homepage. 
http://br.yahoo.com/homepageset.html

Reply to:

References:
- iptables and NFS
  - From: Ghe Rivero <ghe@upsa.es>

Prev by Date: Re: Error-Guard Support Request
Previous by thread: Re: iptables and NFS
Next by thread: iptables + squid + dhcpd
Index(es):
- Date
- Thread