Re: NFS and iptables during bootup
Hi.
On Mon, Aug 04, 2014 at 05:52:43PM +0300, Martin T wrote:
> Hi,
>
> I made a very simple bash script which loads the iptables
> configuration from /etc/firewall.conf and /etc/firewall6.conf files:
>
> # cat /etc/init.d/firewall
> #!/bin/bash
>
> iptables-restore < /etc/firewall.conf
> ip6tables-restore < /etc/firewall6.conf
> #
>
> Script is stored in /etc/init.d/ directory, but I haven't configured
> init to load this script directly. I use the pre-up option in
> /etc/network/interfaces instead:
>
> # grep pre-up /etc/network/interfaces
> pre-up /etc/init.d/firewall

It's better to move such a script to /etc/network, as your script:

a) Does not contain a customary LSB header, so it WILL confuse
insserv(8) on the next insserv invocation.
b) Does not contain so many things usually put into an init script that I
don't even know where to begin.

And, while we're at it - your script does not contain anything
bash-specific, so you can use '#!/bin/sh' as well.

Also, I suggest you take a look at this:
https://packages.debian.org/wheezy/iptables-persistent

> /etc/firewall.conf and /etc/firewall6.conf contain a few simple
> allow-rules to input chain and set default policies for chains in
> input table to drop.

The contents of those files would be welcome. I suspect that your current
rules block the lo interface that is most probably the source of the
problem.

And, do you really use NFS3? statd is needed for NFS versions 2 and 3
only.

Reco
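
Added example, not part of the original message: a check for the situation suspected above, a filter INPUT policy of DROP with no unconditional accept rule for the lo interface. The names check_lo, sample_blocking and sample_fixed and both sample rulesets are constructed for illustration; the check reads iptables-restore format on stdin and does not model rule ordering.

```shell
#!/bin/sh
# Usage on a real file: check_lo < /etc/firewall.conf

check_lo() {
    awk '
        /^\*/ { table = substr($1, 2) }        # "*filter" opens a table
        table != "filter" { next }             # only the filter table matters here
        $1 == ":INPUT" { policy = $2 }         # ":INPUT DROP [0:0]" sets the policy
        $1 == "-A" && $2 == "INPUT" {
            iface = ""; target = ""; extra = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i" || $i == "--in-interface") iface = $(++i)
                else if ($i == "-j" || $i == "--jump") target = $(++i)
                else extra = 1                 # any other match narrows the rule
            }
            # Count only a plain "-i lo -j ACCEPT" as opening loopback.
            if (iface == "lo" && target == "ACCEPT" && !extra) lo_ok = 1
        }
        END {
            if (policy == "DROP" && !lo_ok) { print "loopback blocked"; exit 1 }
            print "loopback allowed"
        }
    '
}

# Constructed sample: default-drop INPUT, only SSH allowed, no lo rule.
sample_blocking() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same policy with loopback accepted first.
sample_fixed() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_blocking | check_lo || true   # prints "loopback blocked"
sample_fixed | check_lo              # prints "loopback allowed"
```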