Skip to content

Instantly share code, notes, and snippets.

@alexander-arce

alexander-arce/UFW rules for NFS

Last active September 5, 2016 09:18
Show Gist options
  • Save alexander-arce/10951956 to your computer and use it in GitHub Desktop.
Save alexander-arce/10951956 to your computer and use it in GitHub Desktop.
Download ZIP
Open NFS ports on Gentoo
Raw
UFW rules for NFS
Edit next systemd service files.
On
/usr/lib64/systemd/system/rpc-mountd.service
edit ExecStart
ExecStart=/usr/sbin/rpc.mountd -F -p 32767
On
/usr/lib64/systemd/system/rpc-statd.service
edit ExecStart
ExecStart=/sbin/rpc.statd -F -p 32765 -o 32766
Run
systemctl daemon-reload
systemctl restart rpc-mountd.service
systemctl restart rpc-statd.service
If check rpcinfo (rpcinfo -p) output
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100227 3 udp 2049 nfs_acl
100021 1 udp 45388 nlockmgr
100021 3 udp 45388 nlockmgr
100021 4 udp 45388 nlockmgr
100021 1 tcp 39962 nlockmgr
100021 3 tcp 39962 nlockmgr
100021 4 tcp 39962 nlockmgr
100005 1 udp 32767 mountd
100005 1 tcp 32767 mountd
100005 2 udp 32767 mountd
100005 2 tcp 32767 mountd
100005 3 udp 32767 mountd
100005 3 tcp 32767 mountd
Next add rules on UFW
ufw allow from <your ip address>/24 to any port 111
ufw allow from <your ip address>/24 to any port 2049
ufw allow from <your ip address>/24 to any port 32767
ufw allow from <your ip address>/24 to any port 32765
ufw allow from <your ip address>/24 to any port 32766
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment