Hi,
hier wie versprochen, der NFS <-> firewallup Test
firewallup nicht angepasst
Inhalt /etc/zendeb/firewallup:
#!/bin/bash
/sbin/iptables -F
/sbin/iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT
/sbin/iptables -A OUTPUT -d 192.168.10.0/24 -j ACCEPT
/sbin/iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
/sbin/iptables -A OUTPUT -j REJECT
Ausgabe iptables --list:
ZitatAlles anzeigenChain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere localhost
ACCEPT 0 -- anywhere localnet/24
ACCEPT 0 -- anywhere anywhere OWNER UID match root
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable
Ausgabe von mount:
ZitatSMT7020S:~# mount -t nfs 192.168.178.10:/var/lib/video /video
mount: 192.168.178.10:/var/lib/video: can't read superblock
So, und jetzt mit angepasstem firewallup Script
Inhalt /etc/zendeb/firewallup:
#!/bin/bash
/sbin/iptables -F
/sbin/iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT
/sbin/iptables -A OUTPUT -d 192.168.178.0/24 -j ACCEPT
/sbin/iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
/sbin/iptables -A OUTPUT -j REJECT
Ausgabe iptables --list:
ZitatAlles anzeigenChain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere localhost
ACCEPT 0 -- anywhere 192.168.178.0/24
ACCEPT 0 -- anywhere anywhere OWNER UID match root
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable
Ausgabe von mount:
ZitatSMT7020S:~# mount -t nfs 192.168.178.10:/var/lib/video /video
SMT7020S:~#
Gruß Pascal