-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matthias Langer wrote:
> i've recently set up a local nfs server for my distfiles; to keep the WAN
> out i have:
> 
> iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport nfs -j DROP
> iptables -A INPUT -p UDP -i ! ${LAN} -d 0/0 --dport nfs -j DROP
> 
> everything is working fine so far; however, my logs are full with these
> messages:
> 
> svc: bad direction 268435456, dropping request
> 
> any comments ?

I have had this too from quite a while back
(http://blog.axljab.homelinux.org/post/6/). I turned on logging in my
firewall to find out that nfs listens on random ports for UDP
connections. The problem is that the random ports change ;-) In my
firewall *most* of > 1024 is open so there isn't much I can do about it.

From what I noticed it's nobody trying to hack you but rather just
internet "static" which by coincidence tries a port that your NFS is
listening on. I stopped worrying about it after a while. The option for
NFS to listen only on one interface wasn't then (iirc) an option ..  not
sure about now though.

Greetings,
Ralph
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEljT+Ct0ZF9kLPvYRAupeAJ9kSYUdHh6DaV/npK+llF7an4jcMQCfXUgN
Gr0GEONQuBgPDhYgYdqedW8=
=JSh1
-----END PGP SIGNATURE-----
-- 
[email protected] mailing list
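
Added example, not part of the original thread: a check of which RPC services registered with the portmapper sit on ports that the two `--dport nfs` DROP rules quoted above do not match. The `rpcinfo -p` sample is constructed (its high port numbers are made up and would change when the services restart), and the function names are hypothetical.

```python
# Added example: list RPC services whose ports a firewall rule matching
# only "--dport nfs" (2049) does not cover.

NFS_PORT = 2049  # what "--dport nfs" resolves to via /etc/services

# Constructed sample of `rpcinfo -p` output; high ports are invented.
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32771  nlockmgr
    100021    3   udp  32771  nlockmgr
    100005    3   udp  32805  mountd
    100005    3   tcp  41873  mountd
    100024    1   udp  32790  status
"""


def parse_rpcinfo(text):
    """Return a set of (proto, port, service) tuples from `rpcinfo -p` text."""
    entries = set()
    for line in text.splitlines():
        fields = line.split()
        # Data rows are: program vers proto port [service]; skip header/blank.
        if len(fields) < 4 or not fields[0].isdigit() or not fields[3].isdigit():
            continue
        service = fields[4] if len(fields) > 4 else "prog-" + fields[0]
        entries.add((fields[2], int(fields[3]), service))
    return entries


def uncovered(entries, dropped_ports=(NFS_PORT,)):
    """Entries whose port is not matched by any DROP rule's --dport."""
    return sorted(e for e in entries if e[1] not in dropped_ports)


if __name__ == "__main__":
    for proto, port, service in uncovered(parse_rpcinfo(SAMPLE_RPCINFO)):
        print(f"{service:<12} {proto}/{port} is not covered by the nfs DROP rules")
```

On a live server, feed the function the real output of `rpcinfo -p` instead of the sample; every line it reports is a listener that the WAN interface still reaches unless another rule drops it.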
