ipfw and NFS?

Dominic Mitchell dom at happygiraffe.net
Mon Mar 25 10:26:46 GMT 2002


On Sat, Mar 23, 2002 at 07:25:56PM +0000, Jose Marques wrote:
> On Sat, 23 Mar 2002, Jonathan Belson wrote:
> > Has anyone got any snippets of rc.firewall which show how
> > it's done?
> 
> Assuming you're using the "Simple" option then adding something like:
> 
> # Allow any traffic to or from my own net via internal interface
> ${fwcmd} add pass all from ${iip} to ${inet}:${imask} via ${iif}
> ${fwcmd} add pass all from ${inet}:${imask} to ${iip} via ${iif}
> 
> should do the job (not tested it though).  NFS is a bugger to firewall
> because or portmapper.

<pedant>
  Actually, NFS is ok, because it's hard coded to port 2049.  mountd(8)
  is the real bugger because it does use portmap.
</pedant>

-Dom




More information about the Ukfreebsd mailing list