Re: nfs-kernel-server and firewalls
Ernest Johanson wrote:
> Good refinement to tighten things up.
Thanks.

I thought it would be necessary to re-run rpcinfo each time I booted because I can't find anything that says these ports are a certainty.
That, and I only have NFS 3 support that I have to worry about.
# NFS
# First you open up the RPC portmapper port (sunrpc, 111/tcp and 111/udp).
# Assumes IFACE, LAN, LO_PORTS and IF_ADDRESS are set earlier in the script.
iptables -A INPUT -i "$IFACE" -p udp -s "$LAN" --sport "$LO_PORTS" \
        -d "$IF_ADDRESS" --dport sunrpc -m state --state NEW \
        -j ACCEPT
iptables -A INPUT -i "$IFACE" -p tcp -s "$LAN" --sport "$LO_PORTS" \
        -d "$IF_ADDRESS" --dport sunrpc -m state --state NEW \
        -j ACCEPT

# Since RPC is so varied and large in its ports I thought
# it easiest to just capture them all there and scroll through
# the list.  One for TCP, one for UDP.
# Match on the version (field 2) and protocol (field 3) columns of
# `rpcinfo -p` instead of on exact column spacing, and list each port once.
TCP=$(rpcinfo -p | awk '$2 == 3 && $3 == "tcp" {print $4}' | sort -u)
for P in $TCP; do
        iptables -A INPUT -i "$IFACE" -p tcp -s "$LAN" --sport "$LO_PORTS" \
                -d "$IF_ADDRESS" --dport "$P" -m state --state NEW \
                -j ACCEPT
done

UDP=$(rpcinfo -p | awk '$2 == 3 && $3 == "udp" {print $4}' | sort -u)
for P in $UDP; do
        iptables -A INPUT -i "$IFACE" -p udp -s "$LAN" --sport "$LO_PORTS" \
                -d "$IF_ADDRESS" --dport "$P" -m state --state NEW \
                -j ACCEPT
done
Ernest Johanson
Systems Administrator
Fuller Theological Seminary
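The point of the thread is that mountd and lockd register on whatever ports the portmapper hands out, so a firewall rule set built from `rpcinfo -p` has to be regenerated after each boot. The script below is an added example, not code from the mail above: it parses a constructed sample of `rpcinfo -p` output, picks out the NFS version 3 ports per protocol, and prints (rather than runs) the matching iptables rules so they can be reviewed before being applied. The interface and address defaults (`eth0`, `192.168.1.0/24`, `1024:65535`, `192.168.1.10`) are placeholders standing in for the mail's `$IFACE`, `$LAN`, `$LO_PORTS` and `$IF_ADDRESS`.

```shell
#!/bin/sh
# Added example (not from the original mail): derive NFSv3 RPC ports from
# rpcinfo -p output and emit the matching iptables ACCEPT rules.
#
# Constructed sample of `rpcinfo -p` output. On a live host replace the
# variable with "$(rpcinfo -p)"; the port numbers here are made up.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp  32769  mountd
    100005    3   udp  32769  mountd
    100005    3   tcp  32770  mountd
    100021    1   udp  32771  nlockmgr
    100021    3   udp  32771  nlockmgr
    100021    3   tcp  32772  nlockmgr'

# Print the distinct ports registered for RPC version $1 over protocol $2,
# space separated and in numeric order. Matching on fields rather than on
# column spacing keeps this working if rpcinfo's alignment differs.
rpc_ports() {
    printf '%s\n' "$SAMPLE_RPCINFO" |
        awk -v ver="$1" -v proto="$2" '$2 == ver && $3 == proto { print $4 }' |
        sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

# Emit (not execute) one ACCEPT rule per NFSv3 port for protocol $1, limited
# to the LAN source and the server's own address, new connections only.
# IFACE, LAN, LO_PORTS and IF_ADDRESS are assumed to be set by the caller;
# the fallbacks are placeholders for this example only.
emit_rules() {
    proto="$1"
    for p in $(rpc_ports 3 "$proto"); do
        printf 'iptables -A INPUT -i %s -p %s -s %s --sport %s -d %s --dport %s -m state --state NEW -j ACCEPT\n' \
            "${IFACE:-eth0}" "$proto" "${LAN:-192.168.1.0/24}" \
            "${LO_PORTS:-1024:65535}" "${IF_ADDRESS:-192.168.1.10}" "$p"
    done
}

# Number of rules that would be added for protocol $1; a quick sanity check
# that the parsed port list is not empty before piping the output into sh.
rule_count() {
    emit_rules "$1" | wc -l | tr -d ' '
}
```

Run with `emit_rules tcp; emit_rules udp` and inspect the output; once it looks right, pipe it into `sh` from the firewall start-up script so the rules track whatever ports the portmapper assigned on this boot. If regenerating rules at every boot is unwelcome, the alternative is to pin the dynamic daemons to fixed ports (for example `rpc.mountd -p`, and the `fs.nfs.nlm_tcpport` / `fs.nfs.nlm_udpport` sysctls for lockd) so the firewall can use constants; either way, the rule set should only ever admit the LAN source, as the mail's rules already do.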