Good refinement to tighten things up.
Thanks.
I thought it would be necessary to re-run rpcinfo each time I booted because I can't find anything that says these ports are a certainty.
That, and I only have NFS 3 support that I have to worry about.
# NFS
# First you open up the RPC port
iptables -A INPUT -i $IFACE -p udp -s $LAN --sport $LO_PORTS \
    -d $IF_ADDRESS --dport sunrpc -m state --state NEW \
    -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp -s $LAN --sport $LO_PORTS \
    -d $IF_ADDRESS --dport sunrpc -m state --state NEW \
    -j ACCEPT

# Since rpc is so varied and large in its ports I thought
# it easiest to just capture them all there and scroll through
# the list. One for TCP, one for UDP.
# Select the version-3 entries by matching the "vers" and "proto" columns
# of "rpcinfo -p" as awk fields, since rpcinfo pads its columns with
# several spaces and a fixed-spacing grep for "3 tcp" can miss them.
TCP=$(rpcinfo -p | awk '$2 == 3 && $3 == "tcp" { print $4 }' | sort -u)
for P in $TCP; do
    iptables -A INPUT -i $IFACE -p tcp -s $LAN --sport $LO_PORTS \
        -d $IF_ADDRESS --dport $P -m state --state NEW \
        -j ACCEPT
done

UDP=$(rpcinfo -p | awk '$2 == 3 && $3 == "udp" { print $4 }' | sort -u)
for P in $UDP; do
    iptables -A INPUT -i $IFACE -p udp -s $LAN --sport $LO_PORTS \
        -d $IF_ADDRESS --dport $P -m state --state NEW \
        -j ACCEPT
done
Ernest Johanson Systems Administrator Fuller Theological Seminary
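The rpcinfo-driven rule generation from the post, as an added example that is not part of the original message: it parses `rpcinfo -p` output (a constructed sample is embedded so it runs offline), selects ports by service name rather than by version number so that statd, which registers only version 1, is not left out of an NFSv3 rule set, and prints the iptables commands for review instead of running them. The variables `$IFACE`, `$LAN`, `$LO_PORTS` and `$IF_ADDRESS` are the post's own and are assumed to be set by the surrounding firewall script.

```shell
# Constructed sample of `rpcinfo -p` output from an NFSv3 host. Note the
# variable-width whitespace (a literal "3 tcp" grep would miss these lines),
# that status registers only version 1, and that nfs/nlockmgr register
# several versions on one port (hence the de-duplication below).
RPCINFO_SAMPLE='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32769  status
    100003    2   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32770  nlockmgr
    100021    3   udp  32770  nlockmgr
    100021    3   tcp  32771  nlockmgr
    100021    4   tcp  32771  nlockmgr
    100005    3   udp  32772  mountd
    100005    3   tcp  32773  mountd'

# rpc_ports PROTO [SERVICES] < rpcinfo-output
# Print the unique ports registered for PROTO (tcp|udp) by the listed
# services (default: the four an NFSv3 client talks to). Matching on awk
# fields instead of fixed spacing, and on service name instead of version,
# so the version-1-only status service is not skipped.
rpc_ports() {
    awk -v proto="$1" -v want="${2:-nfs mountd nlockmgr status}" '
        BEGIN { n = split(want, s, " "); for (i = 1; i <= n; i++) keep[s[i]] = 1 }
        $3 == proto && ($5 in keep) { print $4 }' | sort -un
}

# rules_for PROTO < rpcinfo-output
# Emit one iptables ACCEPT command per discovered port, using the same
# placeholder variables as the original script ($IFACE, $LAN, $LO_PORTS and
# $IF_ADDRESS are assumed to be defined by the surrounding firewall script).
# Printed rather than executed so the generated rule set can be reviewed.
rules_for() {
    rpc_ports "$1" | while read -r port; do
        printf 'iptables -A INPUT -i $IFACE -p %s -s $LAN --sport $LO_PORTS -d $IF_ADDRESS --dport %s -m state --state NEW -j ACCEPT\n' \
            "$1" "$port"
    done
}

# Stand-alone demo on the constructed sample; in a boot script this would be
#   rpcinfo -p | rules_for tcp
printf '%s\n' "$RPCINFO_SAMPLE" | rules_for tcp
printf '%s\n' "$RPCINFO_SAMPLE" | rules_for udp
```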