Date: Sun, 03 Apr 2005 23:40:15 -0400
From: Matt Juszczak <matt@atopia.net>
To: Erik Nørgaard <norgaard@locolomo.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFILTER and NFS
Message-ID: <4250B71F.60309@atopia.net>
In-Reply-To: <42503A76.20309@locolomo.org>
References: <424F8B94.7050006@atopia.net> <424FCDD3.6040507@locolomo.org> <425030A0.4000809@atopia.net> <42503A76.20309@locolomo.org>

Erik,

I already have that :-(

---snip---
# Default pass out
pass out quick on em0 all keep state

# Fragmented/Short/Opts/Fprinting packets
block in quick on em0 all with ipopts
block in quick on em0 all with frag
block in quick on em0 proto tcp all with short
block in quick on em0 proto tcp all flags FUP

# Block local nets
block in quick on em0 from 255.255.255.255/32 to any
block in quick on em0 from 192.168.0.0/16 to any
block in quick on em0 from 172.16.0.0/12 to any
block in quick on em0 from 127.0.0.0/8 to any
block in quick on em0 from 10.0.0.0/8 to any
block in quick on em0 from 0.0.0.0/32 to any
---snip---

Erik Nørgaard wrote:

> Matt Juszczak wrote:
>
>> I don't have access to the nfs server... only the client. Your
>> configuration info showed me making changes on the server. Is there
>> a way to make the client work ok?
>
>
> Just let your client connect to any port on the server - keep state so
> you can block incoming connections:
>
> pass out quick on <interface> proto tcp from <client>/32 \
>     to <nfs-server>/32 flags S keep state
> pass out quick on <interface> proto udp from <client>/32 \
>     to <nfs-server>/32 keep state
>
> Erik
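
Added example, not part of the original thread and not ipf's own code: a small Python model of first-match ("quick") evaluation over the rule list Matt posted, showing which rule decides a few packets. The packets and the 203.0.113.x addresses are constructed placeholders; the state table created by "keep state", which ipf consults before the rule list, is not modeled.

```python
import ipaddress

# Matt's posted rules as (action, direction, proto, source net, "with"/flags test).
# All are "quick on em0", so the first matching rule decides the packet.
RULES = [
    ("pass",  "out", None,  None, None),   # pass out quick on em0 all keep state
    ("block", "in",  None,  None, "ipopts"),
    ("block", "in",  None,  None, "frag"),
    ("block", "in",  "tcp", None, "short"),
    ("block", "in",  "tcp", None, "FUP"),  # flags FUP: exactly FIN+URG+PSH set
    ("block", "in",  None,  "255.255.255.255/32", None),
    ("block", "in",  None,  "192.168.0.0/16", None),
    ("block", "in",  None,  "172.16.0.0/12", None),
    ("block", "in",  None,  "127.0.0.0/8", None),
    ("block", "in",  None,  "10.0.0.0/8", None),
    ("block", "in",  None,  "0.0.0.0/32", None),
]

def matches(rule, pkt):
    _, direction, proto, src_net, test = rule
    if direction != pkt["dir"]:
        return False
    if proto and proto != pkt["proto"]:
        return False
    if src_net and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(src_net):
        return False
    if test == "FUP":
        return set(pkt.get("flags", "")) == set("FUP")
    if test:
        return test in pkt.get("with", ())
    return True

def evaluate(pkt):
    """Return (action, rule index) of the first matching quick rule, or
    (None, None) when nothing matches and the kernel default applies."""
    for i, rule in enumerate(RULES):
        if matches(rule, pkt):
            return rule[0], i
    return None, None

# Constructed sample packets (hypothetical client and NFS server addresses).
CLIENT, SERVER = "203.0.113.10", "203.0.113.20"
SAMPLES = {
    "client TCP SYN to server": {"dir": "out", "proto": "tcp", "src": CLIENT, "flags": "S"},
    "client UDP to server": {"dir": "out", "proto": "udp", "src": CLIENT},
    "fragmented UDP from server": {"dir": "in", "proto": "udp", "src": SERVER, "with": {"frag"}},
    "unfragmented UDP from server": {"dir": "in", "proto": "udp", "src": SERVER},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {evaluate(pkt)}")
```

Both outbound packets are decided by the first rule, which is a superset of the two per-server rules quoted above.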