Date: Thu, 10 May 2001 09:16:02 -0700 (PDT) From: David Wolfskill <dhw@whistle.com> To: mandric@EECS.Berkeley.EDU Cc: freebsd-stable@FreeBSD.ORG Subject: Re: nfs and ipfw Message-ID: <200105101616.f4AGG2u97467@pau-amma.whistle.com> In-Reply-To: <Pine.SOL.4.30.0105100906590.22139-100000@argus.EECS.Berkeley.EDU>
next in thread | previous in thread | raw e-mail | index | archive | help
>Date: Thu, 10 May 2001 09:10:34 -0700 (PDT)
>From: Milan Andric <mandric@EECS.Berkeley.EDU>
>Can't you just allow udp from you nfs server ip?
>in rc.firewall:
>${fwcmd} add pass udp from ${ip} to NFS-SERVER
>${fwcmd} add pass udp from NFS-SERVER to ${ip}
>Milan
>On Thu, 10 May 2001, Cy Schubert - ITSD Open Systems Group wrote:
>> Not only difficult but leaves large enough holes in your firewall to
>> drive a Mack truck though it.
Yup; that would qualify as "large enough holes in your firewall to drive
a Mack truck though it". At least. (Was it your intent to provide an
example of what Cy wrote...?)
Actually, if you want all UDP to flow unhindered, why bother with a
"firewall"??!? (OK; there could be some reasons -- like just tracking
usage, to using dummynet facilities... but calling the result a
"firewall" isn't very useful.)
Cheers,
david
--
David Wolfskill dhw@whistle.com UNIX System Administrator
Desk: 650/577-7158 TIE: 8/499-7158 Cell: 650/759-0823
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105101616.f4AGG2u97467>