Re: nfs-kernel-server and firewalls

To: Tom Allison <tallison@tacocat.net>
Cc: debian-user@lists.debian.org
Subject: Re: nfs-kernel-server and firewalls
From: Ernest Johanson <ejohan@fuller.edu>
Date: Sat, 3 Jul 2004 14:32:25 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.4.58.0407031429070.25399@esther.fuller.edu>
In-reply-to: <[🔎] 40E63654.4090804@tacocat.net>
References: <[🔎] 20040702021713.50165.qmail@web41112.mail.yahoo.com> <[🔎] 40E4D0D3.7030600@tacocat.net> <[🔎] Pine.LNX.4.58.0407021648160.9909@zuzia.materials.unsw.edu.au> <[🔎] 40E54148.2020204@tacocat.net> <[🔎] Pine.LNX.4.58.0407021032590.26527@esther.fuller.edu> <[🔎] 40E5E9A1.700@tacocat.net> <[🔎] Pine.LNX.4.58.0407021632120.26527@esther.fuller.edu> <[🔎] 40E63654.4090804@tacocat.net>

Right. It can go in /etc/init.d or in /etc/network/interfaces. Probably
better in interfaces so the rules are applied as soon as the interfaces
are up.


On Sat, 3 Jul 2004, Tom Allison wrote:

> Ernest Johanson wrote:
> > Good refinement to tighten things up.
> >
> >
>
> Thanks.
>
> I thought it would be necessary to re-run rpcinfo each time I booted
> because I can't find anything that says these ports are a certainty.
> That, and I only have NFS 3 support that I have to worry about.
>
>
>
> >>
> >>
> >># NFS
> >># First you open up the RPC port
> >>iptables -A INPUT -i $IFACE -p udp -s $LAN --sport $LO_PORTS \
> >>         -d $IF_ADDRESS --dport sunrpc -m state --state NEW \
> >>         -j ACCEPT
> >>iptables -A INPUT -i $IFACE -p tcp -s $LAN --sport $LO_PORTS \
> >>         -d $IF_ADDRESS --dport sunrpc -m state --state NEW \
> >>         -j ACCEPT
> >>
> >># Since rpc is so varied and large in it's ports I thought
> >># It easiest to just capture them all there and scroll throue
> >># the list.  One for TCP, one for UDP
> >>TCP=`rpcinfo -p | grep "3   tcp" | awk '{print $4}' | sort | uniq`
> >>for P in $TCP; do
> >>         iptables -A INPUT -i $IFACE -p tcp -s $LAN --sport $LO_PORTS \
> >>                 -d $IF_ADDRESS --dport $P -m state --state NEW \
> >>                 -j ACCEPT
> >>done
> >>
> >>UDP=`rpcinfo -p | grep "3   udp" | awk '{print $4}' | sort | uniq`
> >>for P in $UDP; do
> >>         iptables -A INPUT -i $IFACE -p udp -s $LAN --sport $LO_PORTS \
> >>                 -d $IF_ADDRESS --dport $P -m state --state NEW \
> >>                 -j ACCEPT
> >>done
> >>
> >
> >
> >
> >
> > Ernest Johanson
> > Systems Administrator
> > Fuller Theological Seminary
> >
>
>



Ernest Johanson
Systems Administrator
Fuller Theological Seminary

Reply to:

Follow-Ups:
- Re: nfs-kernel-server and firewalls
  - From: Tom Allison <tallison@tacocat.net>

References:
- Re: nfs-kernel-server and firewalls
  - From: Thomas Adam <thomas_adam16@yahoo.com>
- Re: nfs-kernel-server and firewalls
  - From: Tom Allison <tallison@tacocat.net>
- Re: nfs-kernel-server and firewalls
  - From: Tadeusz Bak <T.Bak@unsw.edu.au>
- Re: nfs-kernel-server and firewalls
  - From: Tom Allison <tallison@tacocat.net>
- Re: nfs-kernel-server and firewalls
  - From: Ernest Johanson <ejohan@fuller.edu>
- Re: nfs-kernel-server and firewalls
  - From: Tom Allison <tallison@tacocat.net>
- Re: nfs-kernel-server and firewalls
  - From: Ernest Johanson <ejohan@fuller.edu>
- Re: nfs-kernel-server and firewalls
  - From: Tom Allison <tallison@tacocat.net>

Prev by Date: Re: exim4: Avoiding dynamic IP blacklists
Next by Date: Re: delete mbox mail from command line
Previous by thread: Re: nfs-kernel-server and firewalls
Next by thread: Re: nfs-kernel-server and firewalls
Index(es):
- Date
- Thread