Tuesday, February 12, 2013

nis nfs + iptables

5.3.4. Assign Static Ports and Use IPTables Rules

All of the servers related to NIS can be assigned specific ports except for rpc.yppasswdd — the daemon that allows users to change their login passwords. Assigning ports to the other two NIS server daemons, rpc.ypxfrd and ypserv, allows for the creation of firewall rules to further protect the NIS server daemons from intruders.
To do this, add the following lines to /etc/sysconfig/network:
YPSERV_ARGS="-p 834"
YPXFRD_ARGS="-p 835"
The following IPTables rules can be issued to enforce which network the server listens to for these ports:
iptables -A INPUT -p ALL -s! 192.168.0.0/24  --dport 834 -j DROP  or Allow
iptables -A INPUT -p ALL -s! 192.168.0.0/24  --dport 835 -j DROP or ALLOW


or 

write a script
RPC_TCP=`rpcinfo -p 10.0.0.2 | perl -n -e '/.*tcp\s+(\d+)\s+/ && print

$1,"\n"'|sort -u`

for port in $RPC_TCP; do

iptables -A INPUT -p ALL -s! 192.168.0.0/24  --dport $port -j DROP  or Allow

iptables -A INPUT -p ALL -s! 192.168.0.0/24  --dport $port -j DROP or ALLOW

done

for nfs
http://www.cyberciti.biz/faq/centos-fedora-rhel-iptables-open-nfs-server-ports/
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)