[Samba] security/firewall rules

Paul Miller paul-samba at pinheiro.tcimet.net
Mon Mar 18 11:45:00 GMT 2002


Hello Samba users,

I'm wondering if anyone has put together a rule set to allow Samba to run
over a firewall (?).  I would like to know what iptables rules need to be
inserted to allow for proper operation without allowing anything to slip
through.  (Assume all other privileged ports are blocked, and unprivileged
ports require established/related connections.)

Here's what I have currently (as a guess):
$IPTABLES -A INPUT -i $EXT -p tcp --dport 137:139 -j TCPACCEPT
$IPTABLES -A INPUT -i $EXT -p udp --dport 137:139 -j ACCEPT
$IPTABLES -A INPUT -i $EXT -p tcp --dport 445 -j TCPACCEPT
$IPTABLES -A INPUT -i $EXT -p udp --dport 445 -j ACCEPT

$IPTABLES -A INPUT -i $EXT -p udp --sport 137:139 -j ACCEPT

$IPTABLES -A OUTPUT -o $EXT -p tcp --sport 137:139 -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT -p udp --sport 137:139 -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT -p tcp --sport 445 -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT -p udp --sport 445 -j ACCEPT

TCPACCEPT is a chain that checks for floods, then accepts if no limits have
been reached.

Please do not respond by telling me not to run Samba or to run another
service!

Thank you!
Paul Miller
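
Added example, not part of the message above and not from the Samba project: a tighter rule set for the same four ports. It uses UDP only for 137/138 (nmbd), TCP only for 139/445 (smbd), and connection-state matching in place of source-port matches. The trusted client network (192.0.2.0/24, a documentation placeholder), the default interface name and the samba_rules function are assumptions; TCPACCEPT is the poster's own chain and must already exist.

```shell
#!/bin/sh
# Added example: emit a minimal stateful iptables rule set for a Samba server.
# Assumptions (not from the original post): the trusted client network and the
# default interface name below are placeholders; TCPACCEPT is the poster's
# flood-limiting chain and must already be defined.

IPTABLES=${IPTABLES:-iptables}

# Print the rules instead of applying them, so they can be reviewed first.
# usage: samba_rules <external-interface> <trusted-network-cidr>
samba_rules() {
    ext=$1
    net=$2

    # Replies to traffic that was already permitted, in both directions.
    echo "$IPTABLES -A INPUT -i $ext -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPTABLES -A OUTPUT -o $ext -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # NetBIOS name service (137) and datagram service (138): UDP only.
    for port in 137 138; do
        echo "$IPTABLES -A INPUT -i $ext -s $net -p udp --dport $port -j ACCEPT"
    done

    # NetBIOS session service (139) and SMB over TCP (445): TCP only,
    # new connections from the trusted network go through TCPACCEPT.
    for port in 139 445; do
        echo "$IPTABLES -A INPUT -i $ext -s $net -p tcp --dport $port -m state --state NEW -j TCPACCEPT"
    done

    # nmbd also originates name queries and browse announcements.
    for port in 137 138; do
        echo "$IPTABLES -A OUTPUT -o $ext -d $net -p udp --dport $port -j ACCEPT"
    done
}

# Show the rule set for the placeholder interface and network.
samba_rules "${EXT:-eth0}" "${TRUSTED_NET:-192.0.2.0/24}"
```

Review the printed rules, then pipe the output to sh as root to load them.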






