Configuring IPtables and running into no file or directory error
I’m trying to add this configuration to my IPtables:
echo "IPTABLES_MODULES=\"nf_conntract_tftp nf_conntrack_ftp nf_conntrack_netbios_ns\"" >> /etc/sysconfig/iptables-config for port in 80 443 21 3306 2049 20048 111 138 139 445; do iptables -I INPUT 1 -p tcp --dport $port -j ACCEPT; done for port in 69 111 4011 137; do iptables -I INPUT 1 -p udp --dport $port -j ACCEPT; done service iptables save
but when I run the first line it gives me the error no file or directory. I checked the directories under /etc and did not see /sysconfig. Do I have to create that directory manually? I am running 1.5.9. Reason I’m digging around with IP tables is because I’m trying to find a way around securing NFS but on the wiki it says that there currently is no way to do it. I’m trying to see if I can find a way to at least restrict traffic to the server to one subnet on our production environment.
@alomarh Well it depends on what version of linux you are using. This appears to be RHEL compatible OS.
You can restrict the NFS server in FOG to limit access to a specific subnet range. You can do this without the need of a firewall. Look at the /etc/exports file. In the share line it starts with a star ( * ) replace that with the subnet range you want to share to. Look up nfs and exports for the exact syntax. Its hard to limit NFS to a single port range. You can do it, but you will need to make some configuration changes. NFSv4 is the way to go, but FOG is not there yet. I did experiment with it and it works with a few changes to the FOG server and FOS Linux.