[Samba] Samba and ufw
L.P.H. van Belle
belle at bazuin.nl
Thu Feb 7 14:53:22 UTC 2019
Yes,
Try this (copy-pasteable):
ufw disable
ufw reset
ufw limit 22/tcp
ufw allow in proto tcp from any port 389,1024:65535 to any port 1024:65535
ufw allow 139,445/tcp
ufw allow 137,138/udp
ufw --force enable
Sorry for the late reply, but I'm a bit busy with some servers here.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland Penny via samba
> Sent: Thursday 7 February 2019 15:48
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba and ufw
>
> On Thu, 7 Feb 2019 09:31:41 -0500
> <mmcg29440 at frontier.com> wrote:
>
> > Rowland,
> >
> > OK. Should I delete these lines?
> >
> > diff yours mine
> > 63d62
> > yours# -A ufw-after-logging-output -m limit --limit 3/min
> > --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
> > 85,87d83
> > yours# -A ufw-before-logging-forward -m conntrack --ctstate NEW -m
> > limit --limit 3/min --limit-burst 10 -j LOG --log-prefix
> "[UFW AUDIT]
> > " yours# -A ufw-before-logging-input -m conntrack --ctstate NEW -m
> > limit --limit 3/min --limit-burst 10 -j LOG --log-prefix
> "[UFW AUDIT]
> > " yours# -A ufw-before-logging-output -m conntrack --ctstate NEW -m
> > limit --limit 3/min --limit-burst 10 -j LOG --log-prefix
> "[UFW AUDIT]
> > " 92c88
> >
> --------------------------------------------------------------
> --------------
> >
> --------------------------------------------------------------
> --------------
> > -------------------------------------------
> >
> > Edit these lines to be the same as yours
> >
> > yours# -A ufw-logging-deny -m conntrack --ctstate INVALID -m limit
> > --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW AUDIT
> > INVALID] " mine# -A ufw-logging-deny -m conntrack --ctstate INVALID
> > -m limit --limit 3/min --limit-burst 10 -j RETURN
> > 108,109c106,107
> > yours# -A ufw-user-input -s 192.168.0.0/16 -p udp -m multiport
> > --dports 137,138 -m comment --comment "\'dapp_Samba\'" -j ACCEPT
> > yours# -A ufw-user-input -s 192.168.0.0/16 -p tcp -m multiport
> > --dports 139,445 -m comment --comment "\'dapp_Samba\'" -j ACCEPT
> > mine# -A ufw-user-input -p udp -m multiport --dports 137,138 -m
> > comment --comment "\'dapp_Samba\'" -j ACCEPT mine# -A ufw-user-input
> > -p tcp -m multiport --dports 139,445 -m comment --comment
> > "\'dapp_Samba\'" -j ACCEPT
> >
> >
> > You have a few lines I don't have, I have a line that you do not
> > have, but it is very similar to one of yours and I am allowing
> > access to Samba from anywhere, but you are limiting it to
> > '192.168.x.x'
> >
> > Are the numbers between the lines part of the line above? How do I
> > make the changes?
>
> You have '-s 192.168.0.0/16', I don't, it means you are only allowing
> connections from 192.168.0.0 to 192.168.255.255, I am allowing them
> from anywhere.
>
> I am by no means a firewall expert, I just know what works for me.
> This isn't really a Samba problem, it works without the firewall, you
> really need to find a firewall expert, perhaps trying on the Ubuntu
> mailing list might be an idea.
>
> >
> > Thanks for your patience. We will resolve this issue yet.
> >
>
> I do hope you fix this, but I don't think I can help further with
> this, perhaps Louis has some further thoughts.
>
> Rowland
>
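The difference discussed in the thread ('-s 192.168.0.0/16' versus no source match) can be checked mechanically. The script below is an added example, not part of the original messages: it reads iptables rule lines and prints the ACCEPT rules that open a Samba port (137, 138, 139, 445) without a source restriction. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample, modelled on the ufw-user-input lines quoted above.
sample_rules() {
cat <<'EOF'
-A ufw-user-input -s 192.168.0.0/16 -p udp -m multiport --dports 137,138 -j ACCEPT
-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT
-A ufw-user-input -p tcp --dport 22 -j ACCEPT
-A ufw-user-input -s 10.0.0.0/8 -p tcp --dport 445 -j ACCEPT
-A ufw-user-input -p udp --dport 137 -j ACCEPT
EOF
}

# Reads iptables rule lines on stdin and prints every ACCEPT rule whose
# destination ports include 137, 138, 139 or 445 (protocol is not checked)
# and that has no source match, or only the match-all 0.0.0.0/0.
unscoped_samba_rules() {
  awk '
    BEGIN { nsmb = split("137 138 139 445", smb, " ") }
    $1 != "-A" { next }
    {
      scoped = 0; ports = ""; target = ""
      for (i = 2; i < NF; i++) {
        if (($i == "-s" || $i == "--source") && $(i + 1) != "0.0.0.0/0") scoped = 1
        if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if (target != "ACCEPT" || scoped || ports == "") next
      n = split(ports, p, ",")
      for (k = 1; k <= n; k++) {
        # A port spec is either a single port or a lo:hi range.
        m = split(p[k], r, ":")
        lo = r[1] + 0
        hi = (m > 1 ? r[2] : r[1]) + 0
        for (j = 1; j <= nsmb; j++)
          if (lo <= smb[j] + 0 && smb[j] + 0 <= hi) { print; next }
      }
    }
  '
}

sample_rules | unscoped_samba_rules
```

On a live host the same function can be fed from 'iptables -S ufw-user-input' (run as root) instead of the sample.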