IPFILTER and NFS
Matt Juszczak
matt at atopia.net
Sun Apr 3 20:40:16 PDT 2005
Erik,
I already have that :-(
---snip---
# Default pass out
pass out quick on em0 all keep state
# Fragmented/Short/Opts/Fprinting packets
block in quick on em0 all with ipopts
block in quick on em0 all with frag
block in quick on em0 proto tcp all with short
block in quick on em0 proto tcp all flags FUP
# Block local nets
block in quick on em0 from 255.255.255.255/32 to any
block in quick on em0 from 192.168.0.0/16 to any
block in quick on em0 from 172.16.0.0/12 to any
block in quick on em0 from 127.0.0.0/8 to any
block in quick on em0 from 10.0.0.0/8 to any
block in quick on em0 from 0.0.0.0/32 to any
---snip---
Erik Nørgaard wrote:
> Matt Juszczak wrote:
>
>> I don't have access to the nfs server... only the client. Your
>> configuration info showed me making changes on the server. Is there
>> a way to make the client work ok?
>
>
> Just let your client connect to any port on the server - keep state so
> you can block incoming connections:
>
> pass out quick on <interface> proto tcp from <client>/32 \
> to <nfs-server>/32 flags S keep state
> pass out quick on <interface> proto udp from <client>/32 \
> to <nfs-server>/32 keep state
>
> Erik