Some NFS servers are configured to allow mounts from untrusted hosts,
but the firewall blocks those mount requests. Fix this.
http https rsync \
git
+allowservices inbound-untrusted tcp \
+ sunrpc mount nfs
+allowservices inbound-untrusted udp \
+ sunrpc mount nfs
+
## Provide DNS resolution to local untrusted hosts.
for p in tcp udp; do
run ip46tables -A inbound -j ACCEPT \
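Review bot: The added `allowservices inbound-untrusted udp sunrpc mount nfs` rule opens the portmapper (port 111) over UDP to untrusted hosts, which lets them enumerate RPC services and leaves a UDP responder that answers spoofed sources. If the untrusted clients can mount over TCP, consider dropping `sunrpc` from the UDP line or omitting the UDP rule altogether. The same pair of rules is repeated in the two later hunks (before the second DNS block and before the ICP rule), while the commit message says only some servers export to untrusted hosts, so it is worth confirming that each of these files belongs to such a server. A comment above the rules, e.g. `## Allow NFS mounts from untrusted hosts (only needed on NFS servers).`, would record the intent. The surrounding statements begin and end outside the hunk.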
defport tftp 69
defport finger 79
defport http 80
+defport sunrpc 111
defport ident 113
defport netbios_ns 137
defport netbios_dgm 138
defport ftps 990
defport imaps 993
defport h323 1720
+defport nfs 2049
defport ssquid 3127
defport squid 3128
defport icp 3130
defport i2p 16911
defport disorder2 23598
defport disorder 23599
+defport mount 32767
defport udpkey 59274
## Protocol numbers.
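Review bot: `defport mount 32767` is not a port mountd listens on by default, since rpc.mountd normally registers a dynamically chosen port with the portmapper. The new firewall rules therefore only match if every NFS server pins mountd to this port (e.g. `rpc.mountd --port 32767`). A comment above the line, such as `## mountd has no fixed port; servers must pin rpc.mountd to this one.`, would keep that coupling visible. No ports are defined for the NFSv3 lock and status services (lockd/statd), so locking from untrusted clients will presumably still be blocked; confirm that this is intended.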
rsync \
http https squid
+allowservices inbound-untrusted tcp \
+ sunrpc mount nfs
+allowservices inbound-untrusted udp \
+ sunrpc mount nfs
+
## Provide DNS resolution to local untrusted hosts.
for p in tcp udp; do
run ip46tables -A inbound-untrusted -j ACCEPT \
rsync \
http https squid ssquid
+allowservices inbound-untrusted tcp \
+ sunrpc mount nfs
+allowservices inbound-untrusted udp \
+ sunrpc mount nfs
+
run iptables -A inbound -j ACCEPT \
-p udp --destination-port $port_icp \
-m limit --limit 10/second --limit-burst 100