[root@nfs ~]# rpcinfo -p | awk '{print $3 ", " $4 ", " $5}' | sort | uniq
tcp, 1002, rquotad
tcp, 111, portmapper
tcp, 2049, nfs
tcp, 43875, nlockmgr
tcp, 696, mountd
udp, 111, portmapper
udp, 2049, nfs
udp, 32790, nlockmgr
udp, 693, mountd
udp, 999, rquotad
协议, 端口,
rpcinfo -p | awk '{print $3 "," $4 "," $5}' | sort | uniq|awk -F"," '{print "-A RH-Firewall-1-INPUT -p "$1" -m "$1" --dport "$2" -j ACCEPT"}'
vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10050 -j ACCEPT
#nfs-through-iptables
-A RH-Firewall-1-INPUT -s 192.168.0.1 -p tcp -m tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.1 -p tcp -m tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.1 -p tcp -m tcp --dport 710 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.1 -p tcp -m tcp --dport 49211 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.1 -p tcp -m tcp --dport 776 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.1 -p udp -m udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.1 -p udp -m udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.1 -p udp -m udp --dport 32817 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.1 -p udp -m udp --dport 707 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.1 -p udp -m udp --dport 773 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
参考:
阅读(1007) | 评论(2) | 转发(0) |