[Samba] RE: firewall

[Justin Georgeson]

Well, still no go. I've attached the script I used to create the 
firewall. Tcpdump still shows an icmp packet going back to the queried 
machine to say the UDP port is unreachable. Also, I don't see anything 
in any files in /var/log (I grepped for Packets).

Can anyone comment on what the -m flag is for?

Ulrich Kohlhase wrote:

> Justin,
>
>
> >-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT
> >-A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
> >-A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT
>
>
> Did you specify OUTPUT rules also ? You may want to try the following
> lines taken from a working server config. "keep_state" is a special
> chain for stateful inspection and logging purposes:
>
> -A INPUT   -p tcp -s 192.168.1.0/24 --sport 1024: --dport 137:139 -j
> ACCEPT
> -A OUTPUT  -p tcp -d 192.168.1.0/24 --sport 137:139 --dport 1024: -j
> keep_state
> -A OUTPUT  -p tcp -d 192.168.1.0/24 --sport 1024: --dport 137:139 -j
> ACCEPT
> -A INPUT   -p tcp -s 192.168.1.0/24 --sport 137:139 --dport 1024: -j
> keep_state
> -A INPUT   -p udp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT
> -A OUTPUT  -p udp -d 192.168.1.0/24 --dport 137:139 -j ACCEPT
>
> -N keep_state
> -A keep_state -m state --state INVALID -j DROP
> -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
> # debug, info, notice, warning, err, crit, alert und emerg
> -A keep_state -m limit --limit 10/minute --limit-burst 10 -j LOG
> --log-level notice --log-prefix "Packets dropped: "
> -A keep_state -j DROP
>
>

-- 
Justin Georgeson
UnBound Technologies, Inc.
http://www.unboundtech.com
Main   713.329.9330
Fax    713.460.4051
Mobile 512.789.1962

5295 Hollister Road
Houston, TX 77040
Real Applications using Real Wireless Intelligence(tm)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fw.sh
Type: application/x-sh
Size: 1619 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20021104/9bbbdf24/fw.sh