pf blocking nfs

Chuck Swiger cswiger at mac.com
Wed Nov 30 03:12:40 GMT 2005


Aaron P. Martinez wrote:
> I am running FreeBSD 6.0-release and setting up a very basic firewall
> using pf on my workstation.  The ruleset is as follows:
> 
> block in log all
> pass quick on lo0 all
> #pass  in  on $ext_if proto tcp from any to $ext_if port 22 keep state
> pass  out on fxp0 proto { tcp, udp, icmp } all keep state

Your firewall config is not enough to permit NFS to pass.  You might
consider adding a "pass all" rule for machines on the local subnet.

[ Perhaps you should re-evaluate your network so that you do not attempt
to pass NFS through the firewall.  If you have to do filesharing between
machines over an untrusted connection, you should consider a VPN or
SSH tunnel approach instead. ]

-- 
-Chuck
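
The "pass all" suggestion above, written out as a pf.conf fragment. This is an added example, not part of the original message. The `lan_net` macro and its 192.0.2.0/24 value are placeholders for the real local subnet, and `fxp0` is taken from the quoted ruleset. A subnet-wide rule is used rather than per-port rules because NFS depends on rpcbind (port 111), nfsd (port 2049), and helper daemons such as mountd that normally listen on dynamically assigned ports.

```conf
# Assumed values (not from the original post): substitute your own subnet.
ext_if  = "fxp0"
lan_net = "192.0.2.0/24"    # placeholder for the trusted local subnet

# Default deny for inbound traffic, logged to pflog0.
block in log all

# Loopback traffic is never filtered.
pass quick on lo0 all

# Trust hosts on the local subnet: allow anything they send to this machine.
# This covers rpcbind, nfsd, and the dynamically assigned RPC ports in one rule.
# "quick" stops rule evaluation here so no later rule can override the match.
pass in quick on $ext_if from $lan_net to any keep state

# Outbound traffic from this workstation, as in the quoted ruleset.
pass out on $ext_if proto { tcp, udp, icmp } all keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and watch `tcpdump -n -e -ttt -i pflog0` to confirm that NFS packets no longer hit the `block in log` rule.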

