X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=blobdiff_plain;f=wrt-disabled-firewall-rules;h=3d1e9025ff8e7bfbf8f59b1938cc1f8fd9cc8024;hp=c126d432d33d1a441a4df69de52abf5ef4557ff5;hb=d29d21017de635db1d05769144db56f44addd055;hpb=645ab36988f8eed2e85d066bdf1ad8a12e7aabc0

diff --git a/wrt-disabled-firewall-rules b/wrt-disabled-firewall-rules
index c126d43..3d1e902 100644
--- a/wrt-disabled-firewall-rules
+++ b/wrt-disabled-firewall-rules
@@ -1,8 +1,7 @@
 firewall rules, temporarily disabled until I get them working
 
 
-#### begin port forwarding rules ####
-      # each port forward needs corresponding forward in the vpn server
+# each port forward needs corresponding forward in the vpn server
 
 
 #http/https
@@ -59,6 +58,88 @@ config rule
 
 
 
+#### begin rules for nfs ####
+# https://serverfault.com/questions/377170/which-ports-do-i-need-to-open-in-the-firewall-to-use-nfs
+# https://wiki.debian.org/SecuringNFS
+# I had no /etc/default/quota, or any process named quota anything,
+# so, assumed that was unneeded. seems to work.
+config redirect
+    option src              wan
+    option src_dport        111
+    option dest_ip          192.168.1.2
+    option dest             lan
+config rule
+    option src              wan
+    option target           ACCEPT
+    option dest_port        111
+config redirect
+    option src              wan
+    option src_dport        2049
+    option dest_ip          192.168.1.2
+    option dest             lan
+config rule
+    option src              wan
+    option target           ACCEPT
+    option dest_port        2049
+config redirect
+    option src              wan
+    option src_dport        32764
+    option dest_ip          192.168.1.2
+    option dest             lan
+config rule
+    option src              wan
+    option target           ACCEPT
+    option dest_port        32764
+config redirect
+    option src              wan
+    option src_dport        32765
+    option dest_ip          192.168.1.2
+    option dest             lan
+config rule
+    option src              wan
+    option target           ACCEPT
+    option dest_port        32765
+config redirect
+    option src              wan
+    option src_dport        32766
+    option dest_ip          192.168.1.2
+    option dest             lan
+config rule
+    option src              wan
+    option target           ACCEPT
+    option dest_port        32766
+config redirect
+    option src              wan
+    option src_dport        32767
+    option dest_ip          192.168.1.2
+    option dest             lan
+config rule
+    option src              wan
+    option target           ACCEPT
+    option dest_port        32767
+config redirect
+    option src              wan
+    option src_dport        32768
+    option dest_ip          192.168.1.2
+    option dest             lan
+config rule
+    option src              wan
+    option target           ACCEPT
+    option dest_port        32768
+#### end rules for nfs ####
+
+
+config redirect
+    option name mariadb
+    option src              wan
+    option src_dport        3306
+    option dest             lan
+    option dest_ip          192.168.1.2
+    option proto            tcp
+config rule
+    option src              wan
+    option target           ACCEPT
+    option dest_port        3306
+    option proto            tcp
 
 
-#### end port forwarding rules ####