Init Scripts and Firewall Rules
Daniel Cotton
danielcotton.mailinglists at gmail.com
Tue Mar 31 04:55:19 MDT 2015
Sent this to contributing@ about three weeks ago but no response, I
thought they might be useful on the wiki:
> Given that so many distros have now switched to systemd, I believe it
> would be appropriate to add a reference service file for systemd-based
> systems to the InitScripts page.
> I have a service file I've been using for a few months in production
> on CentOS 7, as well as firewalld service files that could be added to
> the Configure_your_firewall page.
> Of the firewalld files, I've only tested the DC one, but - assuming
> the current wiki page is correct - the others should work.
/etc/firewalld/services/samba-ad-dc.service:
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>samba-ad-dc</short>
<description>Samba Active Directory Domain Controller</description>
<port protocol="tcp" port="53"/>
<port protocol="udp" port="53"/>
<port protocol="tcp" port="88"/>
<port protocol="udp" port="88"/>
<port protocol="tcp" port="135"/>
<port protocol="udp" port="137-138"/>
<port protocol="tcp" port="139"/>
<port protocol="tcp" port="389"/>
<port protocol="udp" port="389"/>
<port protocol="tcp" port="445"/>
<port protocol="tcp" port="464"/>
<port protocol="udp" port="464"/>
<port protocol="tcp" port="636"/>
<port protocol="tcp" port="1024-5000"/>
<port protocol="tcp" port="3268-3269"/>
<port protocol="tcp" port="5353"/>
<port protocol="udp" port="5353"/>
</service>
/etc/firewalld/services/samba-member.service:
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>samba-member</short>
<description>Samba Domain Member Server</description>
<port protocol="tcp" port="135"/>
<port protocol="udp" port="137-138"/>
<port protocol="tcp" port="139"/>
<port protocol="tcp" port="445"/>
</service>
This one's a bit redundant - /etc/firewalld/services/samba-nt4-pdc.service:
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>samba-nt4-pdc</short>
<description>Samba NT4 Primary Domain Controller</description>
<port protocol="tcp" port="135"/>
<port protocol="udp" port="137-138"/>
<port protocol="tcp" port="139"/>
<port protocol="tcp" port="445"/>
</service>
/etc/systemd/system/samba-ad-dc.service:
[Unit]
Description=Samba AD Daemon
After=syslog.target network.target
[Service]
Type=forking
PIDFile=/usr/local/samba/var/run/samba.pid
LimitNOFILE=16384
EnvironmentFile=-/etc/sysconfig/samba
ExecStart=/usr/local/samba/sbin/samba $SAMBAOPTIONS
ExecReload=/usr/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target