[TriLUG] Iptables confusion

Jon Carnes jonc at nc.rr.com
Mon May 5 07:59:37 EDT 2003


I think the best way to do this would be to write a module that is
tcp-wrappers aware and modifies the ports in the firewall - then
re-write Portmapper to call that module right after it assigns its
random port (or ports).

If you write it... Please make sure it outputs info that can be dumped
to syslog!

Jon

On Mon, 2003-05-05 at 02:33, Stephen P. Schaefer wrote:
> Jeremy Portzer wrote:
> 
> > But he's using NFS, and there's no way to predict what ports NFS will
> > use.  That's why the permissive rule is necessary.
> > 
> > --Jeremy
> > 
> 
> Someday, I'm going to get around to writing a script to be called from 
> /etc/init.d/nfs that runs rpcinfo to find the ports used by the NFS 
> services (mountd, nfs, status, rquotad), and then opens them up in the 
> firewall.  Just a little more complicated than what the ntpd script does 
> to let your ntp server operate.  The script will need to be told which 
> interfaces it should operate on: God help you were the internet to talk 
> to your NFS!
> 
> Oh, yeah: nfs stop should remove those rules.
> 
>      - Stephen
> 




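The script Stephen describes (rpcinfo lookup, per-interface rules, removal on stop) with the syslog output Jon asks for, sketched as an added example; it is not code from either poster. The function names, the interface name eth1 and the sample rpcinfo output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: open/close the NFS RPC ports that rpcinfo reports.
# Service list is the one named in the post; add others you serve (e.g. nlockmgr).
NFS_SERVICES="mountd nfs status rquotad"

# Constructed sample of `rpcinfo -p` output, for offline testing.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100011    1   udp    953  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100005    1   udp  32770  mountd
    100005    1   tcp  32771  mountd'

# stdin: rpcinfo -p output. stdout: unique "proto port" pairs for NFS_SERVICES.
nfs_rpc_ports() {
    awk -v want="$NFS_SERVICES" '
        BEGIN { n = split(want, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
        ($5 in ok) && ($3 == "tcp" || $3 == "udp") &&
        $4 ~ /^[0-9]+$/ && $4 >= 1 && $4 <= 65535 {
            key = $3 " " $4
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# nfs_fw_rules start|stop IFACE: print one iptables command per port.
# The interface is mandatory so the rules never apply to every interface.
nfs_fw_rules() {
    case "$1" in
        start) flag=-A ;;
        stop)  flag=-D ;;
        *) echo "usage: nfs_fw_rules start|stop IFACE" >&2; return 2 ;;
    esac
    case "$2" in
        ""|*[!A-Za-z0-9_.:-]*) echo "bad interface: $2" >&2; return 2 ;;
    esac
    nfs_rpc_ports | while read -r proto port; do
        echo "iptables $flag INPUT -i $2 -p $proto --dport $port -j ACCEPT"
    done
}

# Apply on a live host: run each rule and record the result in syslog.
# Call "stop" before the daemons exit, while rpcinfo still lists their ports.
nfs_fw_apply() {
    rpcinfo -p | nfs_fw_rules "$1" "$2" | while read -r rule; do
        if $rule; then logger -t nfs-firewall "ok: $rule"
        else logger -t nfs-firewall "FAILED: $rule"; fi
    done
}
printf '%s\n' "$SAMPLE_RPCINFO" | nfs_fw_rules start eth1   # dry run on the sample
```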