My solution was:

In my rc.firewall (part of it):

# NFS ports: every TCP/UDP port currently registered with the portmapper
NFSTCP=`rpcinfo -p | grep -v program | awk '{ print $3 " " $4 }' | sort | uniq |
        grep tcp | awk '{ print $2 }' | xargs | sed 's/ /,/g'`
NFSUDP=`rpcinfo -p | grep -v program | awk '{ print $3 " " $4 }' | sort | uniq |
        grep udp | awk '{ print $2 }' | xargs | sed 's/ /,/g'`
#
# The NFS chain hands matching traffic to PESC, which accepts the two
# allowed source networks; anything else returns to NFS and is dropped.
$IPTABLES -N NFS
$IPTABLES -N PESC
# multiport takes --dports and accepts at most 15 ports per rule
$IPTABLES -A INPUT -p tcp -m multiport --dports $NFSTCP -j NFS
$IPTABLES -A INPUT -p udp -m multiport --dports $NFSUDP -j NFS
$IPTABLES -A NFS -j PESC
$IPTABLES -A NFS -j DROP
$IPTABLES -A PESC -s 10.0.0.0/24 -j ACCEPT
$IPTABLES -A PESC -s 10.2.0.0/24 -j ACCEPT

Works fine for me.


Happy new year!!!!

Ghe Rivero wrote:

>Hi everyone,
>       we are going to use netfilter for our main firewall at University and a
>couple of doubts come to my mind now:
>       
>       1.- Since we have several machines (around 50) and all kinds of
>services, which is the best way to keep everything more or less in order?
>       2.- NFS uses dynamic ports on connections with the clients. How is it
>supposed to be firewalled? (The same can be for some Windows issues)
>       Thx in advance to everyone!
>
>       Ghe Rivero
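Added example, not part of the original post: the same rpcinfo-to-multiport idea from the reply above, with the port list split into groups of 15 (the multiport limit) and no rule emitted when no port is found. The function names and the sample rpcinfo listing are constructed; the chain name NFS is the one used in the reply.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# sample listing are constructed for illustration.

# rpc_ports PROTO: read `rpcinfo -p` output on stdin and print the unique
# ports registered for PROTO (tcp or udp), one per line.
rpc_ports() {
    awk -v proto="$1" '$3 == proto && $4 ~ /^[0-9]+$/ { print $4 }' | sort -un
}

# nfs_rules PROTO CHAIN: read ports on stdin and print one iptables command
# per group of at most 15 ports (the multiport limit). No ports, no rule,
# so an empty --dports argument is never produced.
nfs_rules() {
    xargs -n 15 | sed 's/ /,/g' | while read -r ports; do
        [ -n "$ports" ] || continue
        printf 'iptables -A INPUT -p %s -m multiport --dports %s -j %s\n' \
            "$1" "$ports" "$2"
    done
}

# Constructed sample of `rpcinfo -p` output.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100021    4   udp  45021  nlockmgr
    100021    4   tcp  38467  nlockmgr
    100024    1   udp  51234  status
    100024    1   tcp  40123  status
EOF
}

# Print the rules for the sample; on a real host pipe `rpcinfo -p` instead.
for proto in tcp udp; do
    sample_rpcinfo | rpc_ports "$proto" | nfs_rules "$proto" NFS
done
```

The generated rules cover only the ports registered at the moment the script runs, so the firewall has to be reloaded after the RPC services restart and pick up new ports.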