Right. It can go in /etc/init.d or in /etc/network/interfaces. Probably better in interfaces so the rules are applied as soon as the interfaces are up.
On Sat, 3 Jul 2004, Tom Allison wrote:

> Ernest Johanson wrote:
> > Good refinement to tighten things up.
> >
>
> Thanks.
>
> I thought it would be necessary to re-run rpcinfo each time I booted
> because I can't find anything that says these ports are a certainty.
> That, and I only have NFS 3 support that I have to worry about.
>
> >
> > > # NFS
> > > # First you open up the RPC port
> > > iptables -A INPUT -i $IFACE -p udp -s $LAN --sport $LO_PORTS \
> > >     -d $IF_ADDRESS --dport sunrpc -m state --state NEW \
> > >     -j ACCEPT
> > > iptables -A INPUT -i $IFACE -p tcp -s $LAN --sport $LO_PORTS \
> > >     -d $IF_ADDRESS --dport sunrpc -m state --state NEW \
> > >     -j ACCEPT
> > >
> > > # Since rpc is so varied and large in its ports I thought
> > > # it easiest to just capture them all there and scroll through
> > > # the list. One for TCP, one for UDP
> > > TCP=`rpcinfo -p | grep "3 tcp" | awk '{print $4}' | sort | uniq`
> > > for P in $TCP; do
> > >     iptables -A INPUT -i $IFACE -p tcp -s $LAN --sport $LO_PORTS \
> > >         -d $IF_ADDRESS --dport $P -m state --state NEW \
> > >         -j ACCEPT
> > > done
> > >
> > > UDP=`rpcinfo -p | grep "3 udp" | awk '{print $4}' | sort | uniq`
> > > for P in $UDP; do
> > >     iptables -A INPUT -i $IFACE -p udp -s $LAN --sport $LO_PORTS \
> > >         -d $IF_ADDRESS --dport $P -m state --state NEW \
> > >         -j ACCEPT
> > > done
> > >
> >
> > Ernest Johanson
> > Systems Administrator
> > Fuller Theological Seminary

Ernest Johanson
Systems Administrator
Fuller Theological Seminary
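One way to regenerate the per-port NFSv3 rules from `rpcinfo -p` each time the interface comes up, as an added example that is not code from the thread. It keeps the thread's own variables (IFACE, IF_ADDRESS, LAN, LO_PORTS); their default values, the rpcinfo sample and the function names are constructed for the demo. Matching on awk fields rather than on the literal string "3 tcp" means the result does not depend on how rpcinfo spaces its columns.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the per-port NFSv3 rules
# from `rpcinfo -p` output so it can be run from an up/pre-up stanza in
# /etc/network/interfaces. The variables are the thread's own; the default
# values and the rpcinfo sample below are constructed for the demo.
: "${IFACE:=eth0}" "${IF_ADDRESS:=192.168.1.10}"
: "${LAN:=192.168.1.0/24}" "${LO_PORTS:=1024:65535}"

# Constructed stand-in for `rpcinfo -p` output (Linux column layout).
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32768  nlockmgr
    100021    3   udp  32768  nlockmgr
    100021    3   tcp  32769  nlockmgr
    100005    3   udp    815  mountd
    100005    3   tcp    818  mountd'

# rpc_ports PROTO: read rpcinfo -p text on stdin and print the unique
# version-3 ports registered for PROTO (tcp or udp). Matching on fields
# instead of the literal "3 tcp" makes this independent of column spacing.
rpc_ports() {
    awk -v proto="$1" '$2 == 3 && $3 == proto { print $4 }' | sort -n | uniq
}

# nfs_rules PROTO: read rpcinfo -p text on stdin and print one iptables rule
# per version-3 port of PROTO, preceded by the portmapper (sunrpc) rule that
# clients need first. Rules are printed, not executed; pipe into sh to apply.
nfs_rules() {
    proto="$1"
    for p in sunrpc $(rpc_ports "$proto"); do
        printf 'iptables -A INPUT -i %s -p %s -s %s --sport %s -d %s --dport %s -m state --state NEW -j ACCEPT\n' \
            "$IFACE" "$proto" "$LAN" "$LO_PORTS" "$IF_ADDRESS" "$p"
    done
}

# Demo on the constructed sample; on a real host: rpcinfo -p | nfs_rules tcp
printf '%s\n' "$SAMPLE_RPCINFO" | nfs_rules tcp
printf '%s\n' "$SAMPLE_RPCINFO" | nfs_rules udp
```

Because the rules are rebuilt from whatever is registered with the portmapper at that moment, anything else registered via RPC on the host at interface-up time gets opened to the LAN as well, so the generated list is worth reviewing on a host that runs more than NFS.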