LinuxQuestions.org


pclinux66 06-19-2020 11:09 AM

How to handle NFS and CIFS mount points when using firewall-cmd to set up firewall?
 
I'm new to this forum and also new to setting up a firewall using firewall-cmd. I'm working on Oracle Linux 7 servers which have both NFS and CIFS mount points.

For example:

NFS mount point 10.40.100.20:/database
CIFS mount point //10.40.100.30/reports

Do I just add them in a zone like this:

firewall-cmd --zone=mountpoints --add-source=10.40.100.20
firewall-cmd --zone=mountpoints --add-source=10.40.100.30
firewall-cmd --zone=mountpoints --add-service=nfs
firewall-cmd --zone=mountpoints --add-service=samba

Thanks for any help.

berndbausch 06-20-2020 05:23 AM

As far as I know, the firewalld services nfs and samba help open ports on NFS and CIFS servers for ingress traffic. You seem to configure a client, which generates egress traffic.

Egress ports are normally not closed.

pclinux66 06-20-2020 11:26 AM

Quote:

Originally Posted by berndbausch (Post 6136302)
As far as I know, the firewalld services nfs and samba help open ports on NFS and CIFS servers for ingress traffic. You seem to configure a client, which generates egress traffic.

Egress ports are normally not closed.

Hi berndbausch,

You're right that those are clients. I'm using netstat to check what connections have been established, but that does not tell me whether the connection generates egress, ingress, or both types of traffic. Do you have any suggestions on how to determine the type of traffic for a connection using commands commonly available on Linux servers?

Thanks for your help.
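
An added example, not part of the original thread: one way to tell which established TCP connections a host initiated (egress, as with the NFS and CIFS mounts above) and which it accepted (ingress) is to compare each connection's local port with the ports the host listens on. The sample `ss -tan` output is constructed; the client address 10.40.100.5, the peer 10.40.100.99 and the function names are assumptions.

```shell
#!/bin/sh
# Classify established TCP connections from `ss -tan` output as
# "inbound" (accepted on a local listening port) or "outbound"
# (initiated by this host). Live use: ss -tan | classify_conns

classify_conns() {
    awk '
        # Pass 1: remember every local port that has a listening socket.
        $1 == "LISTEN" { p = $4; sub(/.*:/, "", p); listening[p] = 1; next }
        # Buffer established connections until all listeners are known.
        $1 == "ESTAB"  { n++; loc[n] = $4; peer[n] = $5 }
        END {
            for (i = 1; i <= n; i++) {
                p = loc[i]; sub(/.*:/, "", p)
                # A local port that is also a listening port means the
                # peer connected to us; otherwise we connected to the peer.
                dir = (p in listening) ? "inbound" : "outbound"
                print dir, loc[i], peer[i]
            }
        }'
}

# Constructed sample of `ss -tan` output on a client that mounts
# 10.40.100.20:/database over NFS and //10.40.100.30/reports over CIFS.
# The NFS connection uses a source port below 1024, which is why the
# check compares against listening ports rather than a port range.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
LISTEN 0      128    [::]:22              [::]:*
ESTAB  0      0      10.40.100.5:22       10.40.100.99:51514
ESTAB  0      0      10.40.100.5:867      10.40.100.20:2049
ESTAB  0      0      10.40.100.5:47312    10.40.100.30:445
EOF
}

sample_ss_output | classify_conns
```

Only the connections reported as inbound need a port opened in a firewalld zone on this host; the outbound ones are the client side of the NFS and CIFS mounts.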


All times are GMT -5.