#!/usr/bin/env python
#
# Simple script that prints rules you can insert into
# /etc/sysconfig/iptables for all of your NFS hosts.
#
# Future improvements:
# * parse /etc/exports to find all the hosts you need to punch.
# * parse /etc/sysconfig/nfs to get the fixed port numbers.
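__author__ = "Nick Guy"
__license__ = "GPLv2"
import sys

# Fix the ports the NFS daemons use in /etc/sysconfig/nfs
# See http://www.lowth.com/LinWiz/nfs_help.html
# 111 is the portmapper and 2049 the NFS service itself; the remaining
# values are the daemon ports pinned in /etc/sysconfig/nfs and are
# site-specific -- keep these lists in sync with that file.
udpports = [111, 4000, 4002, 4003]
tcpports = [111, 2049, 4000, 4002, 4003]

# Chain the generated rules are appended to (the stock RHEL input chain).
CHAIN = "RH-Firewall-1-INPUT"


def nfs_rules(ip, udpports=tuple(udpports), tcpports=tuple(tcpports)):
    """Return the iptables rule lines that admit NFS traffic from ``ip``.

    Args:
        ip: source host or network as iptables accepts it for ``-s``
            (an address or a CIDR prefix). The value is embedded verbatim,
            so it must be non-empty and contain no whitespace; otherwise the
            emitted line would be split into extra iptables options.
        udpports: UDP destination ports to open (defaults to the module's
            ``udpports`` list).
        tcpports: TCP destination ports to open (defaults to the module's
            ``tcpports`` list).

    Returns:
        A list of ``-A`` rule strings, UDP rules first, then TCP rules, each
        ending in ``-j ACCEPT``.  A rule with no ``-j`` target would only
        update packet counters and admit nothing, which is why the target is
        always appended.

    Raises:
        ValueError: if ``ip`` is empty or contains whitespace.

    Note that these rules match on the source address only; they restrict
    which addresses may reach the NFS ports but are not authentication.
    """
    if not ip or any(ch.isspace() for ch in ip):
        raise ValueError("invalid source address for -s: %r" % (ip,))
    template = "-A %s -p %s -m %s --dport %d -s %s -j ACCEPT"
    rules = []
    for port in udpports:
        rules.append(template % (CHAIN, "udp", "udp", port, ip))
    for port in tcpports:
        rules.append(template % (CHAIN, "tcp", "tcp", port, ip))
    return rules


def main(argv=None):
    """Print NFS firewall rules for every address given on the command line.

    Args:
        argv: argument vector; ``sys.argv`` when None.  ``argv[0]`` is the
            program name, the remaining elements are source hosts/networks.

    Returns:
        Process exit status: 1 when no address was supplied (usage is written
        to stderr), otherwise 0.
    """
    argv = sys.argv if argv is None else argv
    if len(argv) < 2:
        # The original used a bare ``argv`` name here (NameError) and had lost
        # the placeholder text; spell out what the positional arguments are.
        sys.stderr.write("Usage: %s <host-or-network> [<host-or-network> ...]\n"
                         % argv[0])
        return 1
    # slice off the first argv element
    for ip in argv[1:]:
        for rule in nfs_rules(ip):
            print(rule)
    return 0


if __name__ == "__main__":
    sys.exit(main())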