This guide describes the procedure I used to set up the packet-filtering firewall for NIS and NFS on the Dell® workstation cluster at the Department of Physics, University of Minnesota, which runs Red Hat® Linux 7.3. For security reasons, no system information specific to the Department of Physics at UMN is included. Read my disclaimer for errors and disclosure before you apply the information on this page.
The firewall can be set up by running the /usr/sbin/setup command:
[root@walleye root]# /usr/sbin/setup
Select "Firewall configuration", and you will see the options "High", "Medium" and "No firewall". You can select "customize" to make your own configuration. In this case, I only allow incoming connections through "SSH".
Now, in order to let the NIS and NFS connections through the firewall, we need to punch a hole through the firewall on both the server and the clients.
For example, to accept all incoming traffic from IP 123.123.123.123, the command is:
[root@walleye root]# ipchains -A input -s 123.123.123.123 -j ACCEPT
You can check the /etc/sysconfig/ipchains file after you add this line.
The following is part of the /etc/sysconfig/ipchains file.
# Firewall configuration
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 123.123.123.123 -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
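To see what the excerpt above actually permits, the following added example (not part of the original guide) parses those rule lines and applies first-match evaluation to a packet description. It handles only the options that appear in the excerpt, and the addresses 198.51.100.7 and 192.0.2.10 are constructed placeholders for an untrusted host and the workstation.

```python
import ipaddress

# Constructed sample: the non-comment lines of the excerpt shown above.
RULES = """\
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 123.123.123.123 -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
"""
OPTS = {"-A": "chain", "-s": "src", "-d": "dst", "-p": "proto", "-j": "target"}

def _net(spec):
    # "0/0" is the shorthand the file uses for "any address"
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec, strict=False)

def parse(text):
    """Return (chain policies, ordered rule list) for the subset of syntax above."""
    policies, rules = {}, []
    for line in text.splitlines():
        tok = line.split("#")[0].split()
        if tok and tok[0].startswith(":"):
            policies[tok[0][1:]] = tok[1]
        elif tok:
            r = {"src": _net("0/0"), "dst": _net("0/0"), "dport": None,
                 "proto": None, "syn": False}
            i = 0
            while i < len(tok):
                opt, i = tok[i], i + 1
                if opt == "-y":              # match only TCP connection requests (SYN)
                    r["syn"] = True
                    continue
                val, i = tok[i], i + 1
                r[OPTS[opt]] = _net(val) if opt in ("-s", "-d") else val
                if opt == "-d" and i < len(tok) and tok[i].isdigit():
                    r["dport"], i = int(tok[i]), i + 1   # optional port after -d address
            rules.append(r)
    return policies, rules

def decide(policies, rules, chain, src, dst, proto, dport, syn=False):
    """First matching rule wins; if none matches, the chain policy applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r["chain"] == chain and s in r["src"] and d in r["dst"]
                and r["proto"] in (None, proto) and r["dport"] in (None, dport)
                and (not r["syn"] or (proto == "tcp" and syn))):
            return r["target"]
    return policies[chain]

if __name__ == "__main__":
    pol, rules = parse(RULES)
    print(decide(pol, rules, "input", "198.51.100.7", "192.0.2.10", "udp", 111))
```

With only the three rule lines of the excerpt, a UDP packet from an untrusted host matches no rule and falls through to the chain policy, so when auditing the full file confirm that it also carries rules for UDP.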
If you want to stop ipchains, you can use the following command:
[root@walleye root]# /etc/rc.d/init.d/ipchains stop
Or, stop and start it again by using restart:
[root@walleye root]# /etc/rc.d/init.d/ipchains restart