[clug] iptables for a samba file server
Steve Walsh
steve at nerdvana.org.au
Wed Sep 20 14:28:22 UTC 2017
Hello
On 20/09/17 20:38, CLUG via linux wrote:
> These rules allow for management via ssh (22), DNS lookup (53), NTP
> time (123), port 80 for apt, and the minimum ports for an smb file
> server. I guess ping is not required but it can be useful.
what is your rationale behind specifically permitting the ports that can
exit the system? I think following that path, coupled with a default
DROP on your output chain, is going to come back around to bite you at
some point down the track, and it will be a serious pain to debug.
>
> How would I apply these rules to a specific interface, e.g. eth0 ?
According to the man page, you can use the -i and -o options;
    [!] -i, --in-interface name
           Name of an interface via which a packet was received (only for
           packets entering the INPUT, FORWARD and PREROUTING chains).
           When the "!" argument is used before the interface name, the
           sense is inverted. If the interface name ends in a "+", then
           any interface which begins with this name will match. If this
           option is omitted, any interface name will match.

    [!] -o, --out-interface name
           Name of an interface via which a packet is going to be sent (for
           packets entering the FORWARD, OUTPUT and POSTROUTING chains).
           When the "!" argument is used before the interface name, the
           sense is inverted. If the interface name ends in a "+", then
           any interface which begins with this name will match. If this
           option is omitted, any interface name will match.
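As an added example (not code from the thread or from either poster), the script below generates an iptables-restore ruleset in which every inbound ACCEPT for the services named in the quoted message (ssh, Samba, ping) carries `-i <interface>`, so the rules only apply to packets arriving on that interface. It also shows the alternative Steve is hinting at: instead of a default-DROP OUTPUT chain with one rule per outbound port (DNS, NTP, apt on 80), OUTPUT is left ACCEPT and a single conntrack rule admits the replies. The interface name, the Samba port set (445/tcp, 139/tcp, 137-138/udp) and the `check_iface_scoped` helper are assumptions made for illustration; nothing here touches a live firewall, it only prints text.

```shell
#!/bin/sh
# Added example, not from the original post. Emits an iptables-restore
# ruleset for a Samba file server whose inbound rules are scoped to one
# interface with -i. Interface name and port list are assumptions.

samba_rules() {
    iface="${1:-eth0}"            # interface the -i match applies to (assumed)
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is never scoped to $iface
-A INPUT -i lo -j ACCEPT
# replies to traffic this host initiated (DNS, NTP, apt over port 80);
# this replaces per-port OUTPUT rules and a default-DROP OUTPUT chain
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# management via ssh, only on $iface
-A INPUT -i $iface -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Samba: SMB over TCP (445), NetBIOS session (139), NetBIOS name/datagram (137,138)
-A INPUT -i $iface -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $iface -p udp -m multiport --dports 137,138 -j ACCEPT
# ping, optional but handy for diagnosis
-A INPUT -i $iface -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Hypothetical sanity check: succeeds (exit 0) only when every INPUT rule
# other than the loopback and conntrack rules is scoped with -i <iface>.
check_iface_scoped() {
    iface="$1"
    samba_rules "$iface" | grep '^-A INPUT' \
        | grep -v -- '-i lo ' \
        | grep -v -- '--ctstate ESTABLISHED' \
        | grep -v -- "-i $iface " \
        | grep -q . && return 1
    return 0
}

# Usage: samba_rules eth0 | sudo iptables-restore --test   (syntax check only)
#        samba_rules eth0 | sudo iptables-restore          (apply)
```

Piping the output through `iptables-restore --test` checks the syntax without loading anything, which is a cheap way to catch a typo in an interface name before a rule that silently matches nothing locks you out of ssh.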