#!/bin/bash
# Adds the iptables rules needed to export NFS shares from a host that sits
# behind an iptables firewall.

#get the port numbers 
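# Ask the local portmapper which ports the registered RPC programs use and
# join them into one comma-separated list for the multiport match.
# rpcinfo -p prints one row per program/version/protocol, so the same port
# repeats on non-adjacent rows; a bare uniq only merges adjacent lines, so
# sort -un is used to keep each port exactly once. That matters because a
# single multiport match holds at most 15 ports. The numeric test skips the
# header row and any row whose fourth field is not a port number.
# NOTE(review): this is a snapshot taken when the script runs. RPC services
# that are not pinned to fixed ports may register different ports after a
# restart, leaving the rules stale until the script is run again.
PORTS=$(rpcinfo -p | awk '$4 ~ /^[0-9]+$/ { print $4 }' | sort -un | paste -sd, -)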

#function to check/create iptables chain NFS
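check_ipt () {
	# Make sure the user-defined chain NFS exists in the default (filter)
	# table. The listing is only an existence probe: its output is discarded
	# and a non-zero status is taken to mean the chain is missing, in which
	# case the chain is created.
	# -n keeps the probe from doing reverse DNS lookups on rule addresses,
	# which can stall the script while name resolution is unavailable.
	# Returns 0 when the chain already exists, otherwise the status of the
	# chain creation.
	if ! /sbin/iptables -n -L NFS >/dev/null 2>&1; then
		/sbin/iptables -N NFS
	fi
}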

#function to insert iptables rules
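ins_rul () {
	# Rebuild the NFS chain from $PORTS plus the fixed NFS (2049) and
	# portmapper (111) ports, then make sure loc2fw jumps to it.
	# Globals:  PORTS (read) - comma-separated port list, may be empty.
	# Returns:  0 on success, non-zero as soon as a step fails.
	#
	# NOTE(review): the ACCEPT rules carry no source match (-s), so any
	# client whose traffic reaches this chain may open new NFS/portmapper
	# connections. Exposure is bounded only by what is routed into the
	# calling chain - confirm that chain is fed by trusted networks only.
	local ports count proto pos=1

	# Normalise the list before it reaches the iptables command line: keep
	# numeric tokens only, drop duplicates (2049 and 111 are usually already
	# in $PORTS), and tolerate an empty $PORTS, which would otherwise yield
	# the invalid list ",2049,111".
	ports=$(printf '%s\n' "${PORTS:-},2049,111" | tr ',' '\n' \
		| grep -E '^[0-9]+$' | sort -un | paste -sd, -)

	# A multiport match holds at most 15 ports. Refuse before flushing so a
	# list that is too long does not leave the chain empty.
	count=$(printf '%s\n' "$ports" | tr ',' '\n' | grep -c .)
	if [ "$count" -gt 15 ]; then
		printf 'ins_rul: %s ports exceed the multiport limit of 15; NFS chain left untouched\n' "$count" >&2
		return 1
	fi

	/sbin/iptables -F NFS || return
	for proto in tcp udp; do
		/sbin/iptables -I NFS "$pos" -m state --state NEW -p "$proto" \
			-m multiport --dports "$ports" -j ACCEPT || return
		pos=$((pos + 1))
	done

	# Change the chain name below to suit your setup.
	# Insert the jump instead of replacing rule 1: -R overwrote whatever rule
	# already sat at the top of loc2fw the first time the script ran. -C
	# makes re-runs a no-op; on an iptables build without -C the check fails
	# and the jump is inserted again.
	/sbin/iptables -C loc2fw -j NFS 2>/dev/null || /sbin/iptables -I loc2fw 1 -j NFS
}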

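# Create the chain first, then populate and hook it. ins_rul is skipped when
# the chain could not be created, and the script exits with the status of the
# last step that ran so a caller can detect the failure.
check_ipt && ins_rul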


