Init Scripts and Firewall Rules

Tue Mar 31 04:55:19 MDT 2015

Sent this to contributing@ about three weeks ago but no response, I
though they might be useful on the wiki:

> Given that so many distros have now switched to systemd, I believe it
> would be appropriate to add a reference service file for systemd-based
> systems to the InitScripts page.

> I have a service file I've been using for a few months in production
> on CentOS 7, as well as firewalld service files that could be added to
> the Configure_your_firewall page.

> Of the firewalld files, I've only tested the DC one, but - assuming
> the current wiki page is correct - the others should work.

/etc/firewalld/services/samba-ad-dc.service:
<?xml version="1.0" encoding="utf-8"?>
<service>
    <short>samba-ad-dc</short>
    <description>Samba Active Directory Domain Controller</description>
    <port protocol="tcp" port="53"/>
    <port protocol="udp" port="53"/>
    <port protocol="tcp" port="88"/>
    <port protocol="udp" port="88"/>
    <port protocol="tcp" port="135"/>
    <port protocol="udp" port="137-138"/>
    <port protocol="tcp" port="139"/>
    <port protocol="tcp" port="389"/>
    <port protocol="udp" port="389"/>
    <port protocol="tcp" port="445"/>
    <port protocol="tcp" port="464"/>
    <port protocol="udp" port="464"/>
    <port protocol="tcp" port="636"/>
    <port protocol="tcp" port="1024-5000"/>
    <port protocol="tcp" port="3268-3269"/>
    <port protocol="tcp" port="5353"/>
    <port protocol="udp" port="5353"/>
</service>

/etc/firewalld/services/samba-member.service:
<?xml version="1.0" encoding="utf-8"?>
<service>
    <short>samba-member</short>
    <description>Samba Domain Member Server</description>
    <port protocol="tcp" port="135"/>
    <port protocol="udp" port="137-138"/>
    <port protocol="tcp" port="139"/>
    <port protocol="tcp" port="445"/
</service>

This one's a bit redundant - /etc/firewalld/services/samba-nt4-pdc.service:
<?xml version="1.0" encoding="utf-8"?>
<service>
    <short>samba-nt4-pdc</short>
    <description>Samba NT4 Primary Domain Controller</description>
    <port protocol="tcp" port="135"/>
    <port protocol="udp" port="137-138"/>
    <port protocol="tcp" port="139"/>
    <port protocol="tcp" port="445"/
</service>

/etc/systemd/system/samba-ad-dc.service:
[Unit]
Description=Samba AD Daemon
After=syslog.target network.target

[Service]
Type=forking
PIDFile=/usr/local/samba/var/run/samba.pid
LimitNOFILE=16384
EnvironmentFile=-/etc/sysconfig/samba
ExecStart=/usr/local/samba/sbin/samba $SAMBAOPTIONS
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target