[Samba] Samba AD firewalld services

Rowland Penny rowlandpenny241155 at gmail.com
Thu Aug 27 13:50:39 UTC 2015

On 27/08/15 13:50, L.P.H. van Belle wrote:
> After reading this thread.. and ..seeing the comments..
> I googled a bit around. and yes.. more then 5 sec..  ;-)
> I wonder why almost every "centos/redhat/rpm based" howto removes firewalld with the base iptables service

Now here's a funny thing, I was searching the samba wiki for 'firewall' 
and found there is a page on setting up samba4 on centos 7, about half 
way down that page is this:

This post setup will configure the services to startup and disable 
Selinux and Firewall, during my tests firewalld did not save the allowed 
ports, even with permanent flag, so I´v decided to disable to avoid 

So even on the samba wiki, you are advised to turn off firewalld :-D


> now, i'm not "pro" systemd or con systemd, i use it but i set my firewall with ufw,
> which is much more flexable in my opinion.
> I just dont care about how it starts.. as long as it works..
> so i found this one..
> http://www.certdepot.net/rhel7-get-started-firewalld/
> looks very nice, it explains all.
> base on that, howto create a "samba4-ad" service with multiple ports in it.
> or better, split it up in to..
> samba4-kerberos
> samba4-smbd
> samba4-nmbd
> etc..
> The only thing i cant see there in the "HAProxy example" is you can
> add multiple "port / protools" in there.
> thats up to you.
> but i think you wil manage that.
> .. side note..
> Firewalling is not really a samba topic.. but we are all (yes Rowland to) happy to help you..
> ;-)  Rowland is just not a "fan" of systemd..  ROFL...
> Greetz,
> Louis
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ryan Bair
>> Verzonden: donderdag 27 augustus 2015 14:01
>> Aan: Robert Moskowitz
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Samba AD firewalld services
>> The services and their port numbers and protocols are defined in
>> /etc/services. You should be able to use that file to map from
>> port numbers
>> to services if you want to use the service names instead. This is not
>> something new with firewalld, iptables has had this option
>> forever as well.
>> On Thu, Aug 27, 2015 at 12:20 AM, Robert Moskowitz
>> <rgm at htt-consult.com>
>> wrote:
>>> Now with firewalld, opening up ports is now 'better' done by opening
>>> services.  So what do I need, for starters it seems:
>>> dns, dhcp, dhcpv6, samba, kerberos
>>> Here is the list of services:
>>> RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6
>>> dhcpv6-client dns
>>> ftp high-availability http https imaps ipp ipp-client ipsec kerberos
>>> kpasswd ldap
>>> ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp
>> openvpn pmcd
>>> pmproxy
>>> pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba
>>> samba-client
>>> smtp ssh telnet tftp tftp-client transmission-client
>> vnc-server wbem-https
>>> I will only be running one AD, but a number of file servers (which in
>>> Samba4 are really DCs without some services?) .
>>> thanks
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list