centos6-iptables_for_nfs

By: ajhlinuxuser on Sep 12th, 2012
# CentOS 6.2 (LiveCD Graphical install) Tinker machine PG
# /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

#manual nfs entries
#    The term "RH-Firewall-1-INPUT" did not work; I changed it to "INPUT" and that fixed it.
#    All NFS rules are restricted to the 192.168.0.0/24 LAN.
#    Ports other than 111 and 2049 stay fixed only if they are pinned in
#    /etc/sysconfig/nfs (variable names shown per rule group below).
# rpcbind (portmapper)
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 111 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 111 -j ACCEPT
# nfsd
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 2049 -j ACCEPT
# lockd (LOCKD_TCPPORT / LOCKD_UDPPORT)
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 32769 -j ACCEPT
# mountd (MOUNTD_PORT)
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 892 -j ACCEPT
# rquotad (RQUOTAD_PORT)
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 875 -j ACCEPT
# statd (STATD_PORT)
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 662 -j ACCEPT
#manual nfs entries end

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

#ref:
#    http://www.cyberciti.biz/faq/centos-fedora-rhel-iptables-open-nfs-server-ports/
#    http://pario.no/2008/01/15/allow-nfs-through-iptables-on-a-redhat-system/