How to handle NFS and CIFS mount points when using firewall-cmd to set up firewall?

pclinux66 · 06-19-2020, 11:09 AM

I'm new in this forum and also new in setting up firewall using firewall-cmd. I'm working on Oracle Linux 7 servers which have both NFS and CIFS mount points.

For example:

NFS mount point 10.40.100.20:/database
CIFS mount point //10.40.100.30/reports

Do I just add them in a zone like this:

firewall-cmd --zone=mountpoints --add-source=10.40.100.20
firewall-cmd --zone=mountpoints --add-source=10.40.100.30
firewall-cmd --zone=mountpoints --add-service=nfs
firewall-cmd --zone=mountpoints --add-service=samba

Thanks for any help.

berndbausch · 06-20-2020, 05:23 AM

As far as I know, the firewalld services nfs and samba help open ports on NFS and CIFS servers for ingress traffic. You seem to configure a client, which generates egress traffic.

Egress ports are normally not closed.

pclinux66 · 06-20-2020, 11:26 AM

Quote:

Originally Posted by berndbausch

As far as I know, the firewalld services nfs and samba help open ports on NFS and CIFS servers for ingress traffic. You seem to configure a client, which generates egress traffic.

Egress ports are normally not closed.

Hi berndbausch,

You're right that those are clients. I'm using netstat to check what connections have been established but that does not tell me whether the connection generates egrees, ingress, or both type of traffic. Do you have any suggestion how to determine the type of traffic for a connection using commands commonly available on linux servers?

Thanks for your help.