Karsten Bräckelmann wrote:
> On Wed, 2007-11-14 at 09:16 -0800, Tom Eastep wrote:
>> it is the least painful
>> strategy to simply allow all UDP traffic (in both directions) between the
> 
> That depends on your definition of "painful". For me, opening all UDP
> ports is more painful than spending a couple minutes configuring the
> server. :)
> 
>> client(s) and the server. You might find that you can work around the
>> problem if you do that.
>>
>> /etc/shorewall/rules:
>>
>>      ACCEPT  fw      loc     udp
>>      ACCEPT  loc     fw      udp
> 
> See http://shorewall.net/ports.htm#NFS , which hints to my documentation
> and rules for "pinning down NFS". That way, you can restrict NFS to a
> few fixed ports only, instead of opening everything.

Just so we're all on the same page -- Karsten's documentation is specific to
Redhat/Fedora so it will probably also work for CentOS. It is not directly
applicable to other distributions. As a consequence, for me opening all UDP
ports is less painful than spending the time necessary to translate
Karsten's instructions into something that will work on one of the
distributions that I run.

And, of course, using your firewall as a local NFS server is not the world's
best idea from the point of view of security but I confess that I do it myself.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
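
Added example (not part of Tom's or Karsten's messages, and not Shorewall code): a small Python audit that flags ACCEPT rules in a Shorewall rules file that open a whole protocol with no destination port list, as the two rules quoted in the thread do. The sample rules, the 32765:32768 port range and the function names are constructed for illustration.

```python
# Added example: audit a Shorewall rules file for ACCEPT rules with no port list.
# Columns assumed: ACTION SOURCE DEST PROTO DPORT (later columns are ignored).

# Constructed sample: the two rules from the thread, then a pinned alternative.
# 111 and 2049 are portmapper and nfsd; 32765:32768 is a made-up fixed range
# standing in for whatever mountd/statd/lockd ports the server is pinned to.
SAMPLE_RULES = """\
# /etc/shorewall/rules (constructed)
ACCEPT  fw      loc     udp
ACCEPT  loc     fw      udp
ACCEPT  loc     fw      udp     111,2049,32765:32768
ACCEPT  loc     fw      tcp     22
DROP    net     fw      udp
"""

WIDE_OPEN = {"-", "all", "any"}


def parse_rule(line):
    """Return the first five columns of a rule, or None for non-rule lines."""
    text = line.split("#", 1)[0].strip()
    if not text or text.startswith("?") or text.upper().startswith("SECTION"):
        return None
    cols = text.split()
    cols += ["-"] * (5 - len(cols))  # omitted trailing columns mean "any"
    return cols[:5]


def find_unrestricted(rules_text):
    """List (line number, source, dest, proto) for ACCEPT rules lacking ports."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        action, source, dest, proto, dport = rule
        if not action.upper().startswith("ACCEPT"):
            continue  # DROP/REJECT rules do not widen exposure
        if proto.lower() in WIDE_OPEN or dport == "-":
            findings.append((lineno, source, dest, proto.lower()))
    return findings


if __name__ == "__main__":
    for lineno, source, dest, proto in find_unrestricted(SAMPLE_RULES):
        print(f"line {lineno}: {source} -> {dest} accepts {proto} with no port restriction")
```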
