diff --git a/firewall b/firewall
index 32ba4ec..e63e461 100755
--- a/firewall
+++ b/firewall
@@ -150,14 +150,17 @@ fw_start() {
     $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -s "${LAN}" -d "${IPLAN}" --dport 8140 -m state --state NEW -m comment --comment "New Puppet in"
   fi
 
-  #### NFS Server
-  #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 111 -m state --state NEW -m comment --comment "NFS out"
-  #$IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --dport 111 -m state --state NEW -m comment --comment "NFS out"
-  #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 2049 -m state --state NEW -m comment --comment "NFS in"
-  #$IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --dport 2049 -m state --state NEW -m comment --comment "NFS in"
-  ## 32769: rpc.quotad
-  #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 32769 -m state --state NEW -m comment --comment "NFS quotad in"
-  #$IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --dport 32769 -m state --state NEW -m comment --comment "NFS quotad in"
+  if [ $(command -v nfsdcltrack) ]; then
+    #### NFS Server
+    $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 111 -m state --state NEW -m comment --comment "NFS in"
+    $IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --dport 111 -m state --state NEW -m comment --comment "NFS in"
+    $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 2049 -m state --state NEW -m comment --comment "NFS "
+    $IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --dport 2049 -m state --state NEW -m comment --comment "NFS in"
+    # 32769: rpc.quotad
+    # For more informations see: https://wiki.debian.org/SecuringNFS
+    $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 32769 -m state --state NEW -m comment --comment "NFS quotad in"
+    $IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --dport 32769 -m state --state NEW -m comment --comment "NFS quotad in"
+  fi
 
   #### tftp allowed
   #$IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --dport 69 -m state --state NEW -m comment --comment "TFTPD in"
@@ -229,26 +232,29 @@ fw_start() {
     $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --sport 443 -m state --state NEW -m comment --comment "New HTTPDs out"
   fi
 
-if [ -d /etc/ldap ]; then
-  #### ldap connection should be in TLS or at least in LDAPS/SSL
-  $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -s "${IPLAN}" --dport 389 -m state --state NEW -m comment --comment "LDAP out"
-  $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -s "${IPLAN}" --dport 636 -m state --state NEW -m comment --comment "LDAPS out"
-fi
+  if [ -d /etc/ldap ]; then
+    #### ldap connection should be in TLS or at least in LDAPS/SSL
+    $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -s "${IPLAN}" --dport 389 -m state --state NEW -m comment --comment "LDAP out"
+    $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -s "${IPLAN}" --dport 636 -m state --state NEW -m comment --comment "LDAPS out"
+  fi
 
-if [ $(command -v dhcpd) ]; then
-  #### dhcpd
-  $IPT -A OUTPUT -j ACCEPT -p udp -o "${ILAN}" -s "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "DHCPD out"
-fi
+  if [ $(command -v dhcpd) ]; then
+    #### dhcpd
+    $IPT -A OUTPUT -j ACCEPT -p udp -o "${ILAN}" -s "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "DHCPD out"
+  fi
+
+  if [ $(command -v nfsiostat) ]; then
+    #### NFS Client
+    $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -s "${IPLAN}" --dport 111 -m state --state NEW -m comment --comment "NFS out"
+    $IPT -A OUTPUT -j ACCEPT -p udp -o "${ILAN}" -s "${IPLAN}" --dport 111 -m state --state NEW -m comment --comment "NFS out"
+    $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -s "${IPLAN}" --dport 2049 -m state --state NEW -m comment --comment "NFS out"
+    $IPT -A OUTPUT -j ACCEPT -p udp -o "${ILAN}" -s "${IPLAN}" --dport 2049 -m state --state NEW -m comment --comment "NFS out"
+    # List of ports to use given by NFS server
+    # For more informations see: https://wiki.debian.org/SecuringNFS
+    $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -s "${IPLAN}" --dport 32767 -m state --state NEW -m comment --comment "NFS mountd out"
+    $IPT -A OUTPUT -j ACCEPT -p udp -o "${ILAN}" -s "${IPLAN}" --dport 32767 -m state --state NEW -m comment --comment "NFS mountd out"
+  fi
 
-#  #### NFS Client
-#  #$IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -s "${IPLAN}" --dport 111 -m state --state NEW -m comment --comment "NFS out"
-#  #$IPT -A OUTPUT -j ACCEPT -p udp -o "${ILAN}" -s "${IPLAN}" --dport 111 -m state --state NEW -m comment --comment "NFS out"
-#  #$IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -s "${IPLAN}" --dport 2049 -m state --state NEW -m comment --comment "NFS out"
-#  #$IPT -A OUTPUT -j ACCEPT -p udp -o "${ILAN}" -s "${IPLAN}" --dport 2049 -m state --state NEW -m comment --comment "NFS out"
-#  ## Port spécifié par le serveur NFS contacté
-#  #$IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -s "${IPLAN}" --dport 32767 -m state --state NEW -m comment --comment "NFS mountd out"
-#  #$IPT -A OUTPUT -j ACCEPT -p udp -o "${ILAN}" -s "${IPLAN}" --dport 32767 -m state --state NEW -m comment --comment "NFS mountd out"
-#
 #  #### Printers
 #  $IPT -A OUTPUT -j ACCEPT -p udp -o "${ILAN}" -s "${IPLAN}" --dport 161 -m state --state NEW -m comment --comment "SNMP OUT"
 #
@@ -332,7 +338,7 @@ case "${1}" in
     fw_stop
     fw_init
     # List all available interface except localhost
-    for PATH_ILAN in $(find /sys/class/net/ ! -name lo -type l); do
+    for PATH_ILAN in $(find /sys/class/net/ ! \( -name lo -o -iname "tun*" \) -type l); do
       # Interface name
       ILAN=$(basename ${PATH_ILAN})
       IS_UP=$(grep 1 ${PATH_ILAN}/carrier)