Hosting NFSv4 behind a firewall
When you access the NFS server using v4 of the protocol on both the client and server, the firewall configuration is quite simple, with only the TCP port 2049 required to be opened. The default firewall daemon on RHEL 7 is firewalld, and it is managed from the command line using firewall-cmd.
We have been running the standard firewall for our demonstrations thus far, just opening the one additional port 2049, as detailed in the lab overview earlier in this section.
We can list the current firewall configuration using the following command:
$ sudo firewall-cmd --list-all
The output is shown in the following screenshot:
Should you need to remove the port setting that we added, this can be done using the following commands:
$ sudo firewall-cmd --remove-port=2049/tcp --permanent
$ sudo firewall-cmd --reload
Of course, once the port has been removed, a client can no longer access the NFS exports. We have the choice of adding ports or service entries. To add a service entry, the port and associated service...
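The following is an added example, not taken from the original text: a shell function that reads the output of firewall-cmd --list-all and reports whether NFSv4 is reachable through a port entry or a service entry, and flags NFSv3-era openings that a v4-only server does not need. The function name, the sample listing and the finding strings are constructed for illustration; nfs, rpc-bind and mountd are assumed to be the firewalld service names in use.

```shell
#!/bin/bash
# Added example: audit a firewalld zone listing for an NFSv4-only server.
# Live use:  sudo firewall-cmd --list-all | nfs4_fw_audit

nfs4_fw_audit() {
    awk '
        # services: and ports: lines carry space-separated entries.
        # source-ports: and forward-ports: have a different first field
        # and are therefore skipped.
        $1 == "services:" { for (i = 2; i <= NF; i++) svc[$i] = 1 }
        $1 == "ports:"    { for (i = 2; i <= NF; i++) port[$i] = 1 }
        END {
            if (("2049/tcp" in port) && ("nfs" in svc)) {
                print "OPEN via-both (port entry duplicates service entry)"
            } else if ("2049/tcp" in port) {
                print "OPEN via-port 2049/tcp"
            } else if ("nfs" in svc) {
                print "OPEN via-service nfs"
            } else {
                print "CLOSED nfsv4"
            }
            # NFSv4 needs only TCP 2049, so these are extra exposure
            if ("rpc-bind" in svc)  { print "EXTRA service rpc-bind" }
            if ("mountd" in svc)    { print "EXTRA service mountd" }
            if ("2049/udp" in port) { print "EXTRA port 2049/udp" }
            if ("111/tcp" in port)  { print "EXTRA port 111/tcp" }
            if ("111/udp" in port)  { print "EXTRA port 111/udp" }
        }'
}

# Constructed sample of a zone listing with the single extra port opened
sample_listing() {
    cat <<'EOF'
public (active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 2049/tcp
  masquerade: no
  forward-ports:
  source-ports:
  rich rules:
EOF
}

sample_listing | nfs4_fw_audit
```

Each finding is printed on its own line, so the output can be fed to grep or compared between hosts.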