
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# WARNING: ONLY USE THE NFS SERVICE WITH TRUSTED CLIENTS. The NFS rules
# in this module accept all UDP traffic, on every port and in both
# directions (input and output), between this host and each listed
# client!
#
# To install, copy this file to /etc/firewall/modules/public/services/
# 320-nfs-clients and execute rc.firewall with the --update-config
# parameter. The proper options will be added to the configuration file.
#
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2000-10-14  Jean-Sebastien Morisset <jsmoriss@jsm-mv.dyndns.org>
#             Initial module written for v5.0.
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# accept
#i# cluster
#n# nfs
#t# clients
#
#   |--------------------------------------------------------------------|
#d# WARNING: ONLY USE THE NFS SERVICE WITH TRUSTED CLIENTS. Accepting NFS
#d# traffic leaves your UDP ports wide open to these clients!
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------


#--------------------------------------------------------------------
# SUNRPC (111)
#--------------------------------------------------------------------

# Let every configured NFS client reach the portmapper (sunrpc) on
# $IPADDR over UDP and TCP. The client list is whatever
# "Option_Value accept $INTOPT nfs clients" prints; the substitution is
# deliberately unquoted so each whitespace-separated entry is one pass.
# NOTE(review): $INCHAIN, $OUTCHAIN, $PRIVPORTS, $LOG and $LOG_MSG are set
# outside this module. $PRIVPORTS is presumably a source-port range and
# $LOG an optional logging argument; both must stay unquoted so an empty
# value adds no argument -- confirm against rc.firewall.
# The rules trust the client by source address only.
for host in $(Option_Value accept $INTOPT nfs clients); do
	echo "Accept $INTOPT $IPADDR SUNRPC <- $host $LOG_MSG"

	# UDP: client $PRIVPORTS -> sunrpc in, and sunrpc -> client
	# $PRIVPORTS out.
	ipchains -A $INCHAIN -j ACCEPT -p udp \
		-s $host $PRIVPORTS -d $IPADDR sunrpc $LOG
	ipchains -A $OUTCHAIN -j ACCEPT -p udp \
		-s $IPADDR sunrpc -d $host $PRIVPORTS $LOG

	# TCP: the inbound rule accepts any segment to sunrpc; the outbound
	# rule carries "! -y", so it matches only non-SYN segments and does
	# not let this host open new connections from the sunrpc port.
	ipchains -A $INCHAIN -j ACCEPT -p tcp \
		-s $host $PRIVPORTS -d $IPADDR sunrpc $LOG
	ipchains -A $OUTCHAIN -j ACCEPT -p tcp ! -y \
		-s $IPADDR sunrpc -d $host $PRIVPORTS $LOG
done
# Drop the loop variable so it does not leak out of this module.
unset host

#--------------------------------------------------------------------
# NFS (Port 2049)
#--------------------------------------------------------------------

# Open the NFS service on $IPADDR to every configured client. The client
# list is whatever "Option_Value accept $INTOPT nfs clients" prints; the
# substitution is deliberately unquoted so each whitespace-separated entry
# is one pass.
# NOTE(review): $PRIVPORTS and $LOG are set outside this module and must
# stay unquoted so an empty value adds no argument -- confirm against
# rc.firewall.
for host in $(Option_Value accept $INTOPT nfs clients); do
	# NOTE(review): this message prints "->" while the SUNRPC section
	# prints "<-" for the same direction of trust; string kept as written.
	echo "Accept $INTOPT $IPADDR NFS -> $host $LOG_MSG"

	# UDP: no port is given on either side, so ALL UDP between the client
	# and $IPADDR is accepted in both directions. This is the exposure the
	# README warning describes. The match is on source address alone, so
	# a packet forged with a client's address also passes these rules.
	# Narrowing this would need the NFS helper services on fixed ports
	# that can be listed explicitly.
	ipchains -A $INCHAIN -j ACCEPT -p udp \
		-s $host -d $IPADDR $LOG
	ipchains -A $OUTCHAIN -j ACCEPT -p udp \
		-s $IPADDR -d $host $LOG

	# TCP port 715 from the client's $PRIVPORTS; outbound limited to
	# non-SYN segments by "! -y".
	# NOTE(review): the page does not say which service listens on 715;
	# presumably a locally pinned RPC helper -- confirm.
	ipchains -A $INCHAIN -j ACCEPT -p tcp \
		-s $host $PRIVPORTS -d $IPADDR 715 $LOG
	ipchains -A $OUTCHAIN -j ACCEPT -p tcp ! -y \
		-s $IPADDR 715 -d $host $PRIVPORTS $LOG

	# TCP port 2049 (NFS) from the client's $PRIVPORTS; outbound again
	# limited to non-SYN segments.
	ipchains -A $INCHAIN -j ACCEPT -p tcp \
		-s $host $PRIVPORTS -d $IPADDR 2049 $LOG
	ipchains -A $OUTCHAIN -j ACCEPT -p tcp ! -y \
		-s $IPADDR 2049 -d $host $PRIVPORTS $LOG
done
# Drop the loop variable so it does not leak out of this module.
unset host

