[Samba] Samba and ufw
L.P.H. van Belle
belle at bazuin.nl
Tue Feb 12 08:02:30 UTC 2019
Hai,
Not everyone understands iptables that well, Reindl.
Ufw can be handy and it's usable; now gufw, that's the problem here.
Gufw added the profile and sadly I don't know anything about gufw,
except that it's a GUI on ufw.
I don't know the modifications Gufw made on ufw, except I noticed the profiles.
Now Martin, ok, great. You removed ufw and gufw.
The output looks good.
All tables are cleaned up.
Run: apt-get autoremove to remove leftover packages from the install.
If you plan to install gufw again, don't run the autoremove.
Ok, back up the leftovers in /etc and /etc/gufw ( just rename the folders to .old )
Install ufw again.
ufw allow 22/tcp
ufw allow 139,445/tcp
ufw allow 137,138/udp ( if you use network browsing, but not really needed. )
( add other ports if needed )
ufw --force enable
That's a minimal setting that must work.
I'm moving a bit ahead in time now.
While I totally agree with Reindl, I don't suggest moving to plain iptables.
If you switch now, drop iptables and start learning nftables,
but ufw can be handy, it's just what you need.
Nftables ( as of Debian buster )
https://wiki.debian.org/nftables works the same for Mint.
https://wiki.nftables.org/wiki-nftables/index.php/Main_Page more general.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Reindl Harald via samba
> Sent: Monday 11 February 2019 18:28
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba and ufw
>
>
>
> On 11.02.19 at 17:35, Martin McGlensey via samba wrote:
> > Louis,
> >
> > Followed your instructions so far. Take a look at the output of the
> > various steps. I'm down to removing items from /etc/ufw. I'm not sure
> > what I should delete. I know some of the files are backups generated
> > after some rules were deleted. Please tell me what is safe to delete
> > before I proceed further.
> >
> > martin at radio:~$ sudo apt-get remove --purge ufw gufw
> > Reading package lists... Done
> > Building dependency tree
> > Reading state information... Done
> > The following packages were automatically installed and are no longer
> > required:
> > libqt5positioning5 libqt5qml5 libqt5quick5 libqt5sensors5
>
> frankly why don't you throw away all that crap and start writing a
> "iptables.sh" which is even for a datacenter firewall doing NAT and
> firewalling in front of a /24 network no rocket science
>
> also looking what rules are currently active is a no-brainer
>
> [root at firewall:~]$ cat /usr/local/bin/firewall_status
> #!/bin/bash
>
> IPTABLES="/sbin/iptables"
> DEFAULT_COLOR_START="\e[36m"
> DEFAULT_COLOR_STOP="\e[0m"
>
> function firewall_status
> {
>     # Output mode: anything other than "short" adds packet/byte counters
>     if [ "$1" != "short" ]; then
>         VERBOSE="--verbose"
>     fi
>     # Iterate over all loaded tables in sorted order
>     for table in $(sort /proc/net/ip_tables_names)
>     do
>         echo -e "${DEFAULT_COLOR_START}---------------------------------------------------------------------------------------${DEFAULT_COLOR_STOP}"
>         echo -e "${DEFAULT_COLOR_START}$(echo "$table:" | tr a-z A-Z)${DEFAULT_COLOR_STOP}"
>         echo -e "${DEFAULT_COLOR_START}---------------------------------------------------------------------------------------${DEFAULT_COLOR_STOP}"
>         # List the rules of this table with numeric addresses and rule numbers
>         $IPTABLES -t "$table" --list --numeric --line-numbers $VERBOSE
>         echo ""
>     done
> }
>
> # On a terminal, page the coloured output; otherwise strip the ANSI escapes
> if [ -t 1 ];
> then
>     firewall_status "$1" | less -R
> else
>     firewall_status "$1" | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g"
> fi
>
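
A check for the minimal ufw rule set listed in the message above, given here as an added example that is not part of the original thread: it reads the text printed by `ufw status` and reports which required port/protocol pairs no ALLOW rule covers. The function names, the `REQUIRED` list (with 137,138/udp treated as optional, as the message says) and the sample status output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify the minimal rule set from the
# message above against the text printed by `ufw status`.
REQUIRED="22/tcp 139/tcp 445/tcp"   # 137,138/udp left out: optional per the message

# Constructed sample of `ufw status` output in which 445/tcp was never added.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
139/tcp                    ALLOW       Anywhere
137,138/udp                ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# Reads `ufw status` text on stdin and prints every required port/proto that
# no ALLOW rule covers, or "inactive" when the firewall is not enabled.
missing_samba_ports() {
    awk -v required="$REQUIRED" '
        /^Status:/ { active = ($2 == "active") }
        $2 == "ALLOW" {
            np = split($1, spec, "/")                # "139,445/tcp" -> list, proto
            if (spec[1] !~ /^[0-9,:]+$/) next        # skip app-profile names
            protos = (np == 2) ? spec[2] : "tcp udp" # bare port means both
            n = split(spec[1], ports, ",")
            k = split(protos, pr, " ")
            for (i = 1; i <= n; i++) {
                lo = hi = ports[i]
                if (split(ports[i], r, ":") == 2) { lo = r[1]; hi = r[2] }
                for (p = lo + 0; p <= hi + 0; p++)
                    for (j = 1; j <= k; j++) ok[p "/" pr[j]] = 1
            }
        }
        END {
            if (!active) { print "inactive"; exit }
            m = split(required, want, " ")
            for (i = 1; i <= m; i++) if (!(want[i] in ok)) print want[i]
        }'
}

sample_status | missing_samba_ports    # prints: 445/tcp
```

On a live host the input would be `ufw status | missing_samba_ports`, run as root; empty output means every required port is covered.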