[Samba] firewalling SMB (and other protocols)

Andrew Bartlett abartlet at samba.org
Fri Dec 26 22:36:15 GMT 2003

On Thu, 2003-12-25 at 05:15, auto92089 at hushmail.com wrote:
> I looked around and couldn't find a page on firewalling samba.
> So I did the homework and wrote one:
> http://travcom.tripod.com/firewalls_and_protocols.html
> Please send me (directly or CC) any technical suggestions, as I will
> probably not read the list for very long.

Most of your Statements on Samba need a lot of work

(Naturally, all these rules should also allow the replies)

You must allow access to port 137 and port 138 UDP for browsing and name

You must allow outbound access to port 137 and 138 UDP on your clients. 

You must allow account to port 139 and 445 TCP for file, print and other

You must allow outbound access to port 139 and 445 TCP for browsing, and
SPOOLSS (printing) callbacks.

If you are using AD, then you need to allow access outbound to the AD
server's LDAP (TCP/UDP), DNS and Kerberos (TCP/UDP) ports...

Finally, when publishing technical documents, personal insults (no
matter who they are directed at) simply remove any sense of
professionalism from the result.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031227/2954a73a/attachment.bin

More information about the samba mailing list