Allowing NFS through iptables/firewalld: Difference between revisions
(created page on allowing NFS through iptables/firewalld) |
(Added firewalld/iptables for NFS) |
||
Line 1: | Line 1: | ||
===firewalld=== | ===CentOS 7: firewalld=== | ||
# Look at current firewalld settings: | # Look at current firewalld settings: | ||
[root@qof ~]# firewall-cmd --list-all | [root@qof ~]# firewall-cmd --list-all | ||
Line 39: | Line 39: | ||
icmp-blocks: | icmp-blocks: | ||
rich rules: | rich rules: | ||
===CentOS 6: iptables=== | |||
# Edit /etc/sysconfig/iptables. Add lines: | |||
-A INPUT -m state --state NEW -m tcp -p tcp -s <subnet> --dport 2049 -j ACCEPT | |||
-A INPUT -m state --state NEW -m udp -p udp -s <subnet> --dport 2049 -j ACCEPT | |||
-A INPUT -m state --state NEW -m tcp -p tcp -s <subnet> --dport 111 -j ACCEPT | |||
-A INPUT -m state --state NEW -m udp -p udp -s <subnet> --dport 111 -j ACCEPT | |||
-A INPUT -m state --state NEW -m tcp -p tcp -s <subnet> --dport 875 -j ACCEPT | |||
-A INPUT -m state --state NEW -m udp -p udp -s <subnet> --dport 875 -j ACCEPT | |||
# reload iptables | |||
$ service iptables restart | |||
# verify firewall configuration | |||
$ iptables -L -n |
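Review bot: the added CentOS 6 rules accept ports 2049, 111 and 875 from <subnet> but contain no rule for mountd, although the CentOS 7 section of the same page allows the mountd service. If NFSv3 clients are expected, pin mountd to a fixed port and add a matching tcp/udp rule pair with the same "-s <subnet>" restriction, or note that only NFSv4 is supported. Also, "service iptables restart" and "iptables -L -n" need root but are shown with a "$" prompt; use the root prompt as the firewalld section does.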
Latest revision as of 16:27, 2 July 2018
CentOS 7: firewalld
# Look at current firewalld settings:
[root@qof ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1 eno2
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

# Add NFS services to firewalld's allowances. Use the permanent flag so that services remain allowed even after firewalld reloads
[root@qof ~]# firewall-cmd --permanent --add-service=nfs
success
[root@qof ~]# firewall-cmd --permanent --add-service=mountd
success
[root@qof ~]# firewall-cmd --permanent --add-service=rpc-bind
success
[root@qof ~]# firewall-cmd --reload
success

# Verify changes stay
[root@qof ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1 eno2
  sources:
  services: ssh dhcpv6-client nfs mountd rpc-bind
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
CentOS 6: iptables
# Edit /etc/sysconfig/iptables. Add lines:
-A INPUT -m state --state NEW -m tcp -p tcp -s <subnet> --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp -s <subnet> --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s <subnet> --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp -s <subnet> --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s <subnet> --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp -s <subnet> --dport 875 -j ACCEPT

# reload iptables
$ service iptables restart

# verify firewall configuration
$ iptables -L -n
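
To confirm that a rules file really contains the six rules above and that each one is limited to the intended subnet, the following added example (not part of the original wiki page) audits an iptables-save style file. The function names, the 10.0.0.0/24 subnet and the sample rules are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit an iptables rules file for the NFS rules listed above.
# Names, subnet and sample data are hypothetical, not from the original page.

NFS_PORTS="2049 111 875"   # ports opened by the rules on this page

# audit_nfs_rules FILE SUBNET
# Prints one finding per line. Returns 0 if clean, 1 if anything was found.
audit_nfs_rules() {
    local file="$1" subnet="$2" port proto rules findings=0
    for port in $NFS_PORTS; do
        for proto in tcp udp; do
            # All INPUT ACCEPT rules for this protocol/port combination
            rules=$(grep -E -e "^-A INPUT .*-p $proto .*--dport $port .*-j ACCEPT" "$file" || true)
            if [ -z "$rules" ]; then
                echo "MISSING  $proto/$port: no ACCEPT rule"
                findings=1
            # -v: succeed if ANY matching rule lacks the expected source limit
            elif echo "$rules" | grep -qvF -- "-s $subnet "; then
                echo "EXPOSED  $proto/$port: ACCEPT rule not limited to $subnet"
                findings=1
            fi
        done
    done
    return $findings
}

# Constructed sample: udp/111 has no -s restriction, udp/875 is absent.
sample_rules() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp -s 10.0.0.0/24 --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp -s 10.0.0.0/24 --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 10.0.0.0/24 --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 10.0.0.0/24 --dport 875 -j ACCEPT
COMMIT
EOF
}

# Demo run against the constructed sample
demo_file=$(mktemp)
sample_rules > "$demo_file"
audit_nfs_rules "$demo_file" 10.0.0.0/24 || true
rm -f "$demo_file"
```

On a real host, pass /etc/sysconfig/iptables and the subnet actually used in place of <subnet>.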