[Samba] Samba and ufw

Dale samba at txschroeder.family
Tue Feb 12 16:42:52 UTC 2019


On 2/12/19 2:02 AM, L.P.H. van Belle via samba wrote:
> Hai,
>
> Not everyone understands iptables that well, Reindl.
>
> Ufw can be handy and it's usable; now gufw, that's the problem here.
> Gufw added the profile and sadly I don't know anything about gufw,
> except that it's a GUI on ufw.
> I don't know the modifications gufw made on ufw, except I noticed the profiles.
>
> Now Martin, ok, great. You removed ufw and gufw.
> The output looks good.
> All tables are cleaned up.
>
> Run: apt-get autoremove to remove leftover packages from the install.
> If you plan to install gufw again, don't run the autoremove.
>
> Ok, back up the leftovers in /etc and /etc/gufw (just rename the folders to .old)
> Install ufw again.
> ufw allow 22/tcp
> ufw allow 139,445/tcp
> ufw allow 137,138/udp  ( if you network browsing, but not really needed. )
> ( add other ports if needed )
>
>
> ufw --force enable
>
> That's a minimal setting that must work.
> I'm moving a bit ahead in time now.
>
> While I totally agree with Reindl, I don't suggest moving to plain iptables.
> If you switch now, drop iptables and start learning nftables,
> but ufw can be handy, it's just what you need.
>
> Nftables (as of Debian buster)
> https://wiki.debian.org/nftables works the same for mint.
> https://wiki.nftables.org/wiki-nftables/index.php/Main_Page more general.
...and while googling nftables, I discover this post about BPFilters 
implemented in the Linux 4.18 kernel as eBPF:

https://cilium.io/blog/2018/04/17/why-is-the-kernel-community-replacing-iptables/

Looks like there will be another successor.

Louis is absolutely correct about users not wanting to manipulate 
iptables directly, and Tom Eastep has indicated that he doesn't intend 
to move his project to nftables.  So, as a Shorewall user, I will be 
tied to iptables for the foreseeable future.

Dale
>
> Greetz,
>
> Louis
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Reindl Harald via samba
>> Sent: Monday 11 February 2019 18:28
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Samba and ufw
>>
>>
>>
>> On 11.02.19 at 17:35, Martin McGlensey via samba wrote:
>>> Louis,
>>>
>>> Followed your instructions so far. Take a look at the output of the
>>> various steps. I'm down to removing items from /etc/ufw. I'm not sure
>>> what I should delete. I know some of the files are backups generated
>>> after some rules were deleted. Please tell me what is safe to delete
>>> before I proceed further.
>>>
>>> martin at radio:~$ sudo apt-get remove --purge ufw gufw
>>> Reading package lists... Done
>>> Building dependency tree
>>> Reading state information... Done
>>> The following packages were automatically installed and are no longer
>>> required:
>>>    libqt5positioning5 libqt5qml5 libqt5quick5 libqt5sensors5
>> frankly why don't you throw away all that crap and start writing an
>> "iptables.sh", which even for a datacenter firewall doing NAT and
>> firewalling in front of a /24 network is no rocket science
>>
>> also looking what rules are currently active is a no-brainer
>>
>> [root at firewall:~]$  cat /usr/local/bin/firewall_status
>> #!/bin/bash
>>
>> IPTABLES="/sbin/iptables"
>> DEFAULT_COLOR_START="\e[36m"
>> DEFAULT_COLOR_STOP="\e[0m"
>>
>> function firewall_status
>> {
>>   # Output mode: anything other than "short" enables verbose listing
>>   if [ "$1" != "short" ]; then
>>    VERBOSE="--verbose"
>>   fi
>>   # Iterate over all loaded tables in sorted order
>>   for table in $(sort /proc/net/ip_tables_names)
>>   do
>>    echo -e "${DEFAULT_COLOR_START}---------------------------------------------------------------------------------------${DEFAULT_COLOR_STOP}"
>>    echo -e "${DEFAULT_COLOR_START}$(echo "$table:" | tr a-z A-Z)${DEFAULT_COLOR_STOP}"
>>    echo -e "${DEFAULT_COLOR_START}---------------------------------------------------------------------------------------${DEFAULT_COLOR_STOP}"
>>    $IPTABLES -t "$table" --list --numeric --line-numbers $VERBOSE
>>    echo ""
>>   done
>> }
>>
>> # On a terminal, page with colors; otherwise strip the ANSI escape codes
>> if [ -t 1 ];
>> then
>>   firewall_status "$1" | less -R
>> else
>>   firewall_status "$1" | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g"
>> fi
>>
>
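
A check for the minimal ufw rule set quoted above (22/tcp, 139,445/tcp, 137,138/udp), as an added example that is not part of the original thread: it reads `ufw status` output and reports which required ports have no ALLOW rule. The function name `missing_samba_rules` and the sample status text are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the thread): list required port/proto pairs that
# have no IPv4 ALLOW rule in `ufw status` output read on stdin.
# Only numeric rules ("139,445/tcp", "137:138/udp", "22") are understood;
# application-profile rows and "(v6)" rows are ignored, and the From column
# is not checked, so a rule limited to one source still counts.

missing_samba_rules() {
  # Arguments: required pairs, e.g. 22/tcp 139/tcp 445/tcp
  awk -v required="$*" '
    # Rule rows: "139,445/tcp  ALLOW  Anywhere" (or "ALLOW IN" when verbose)
    $2 == "ALLOW" && $1 ~ /^[0-9,:]+(\/(tcp|udp))?$/ {
      # A rule without a protocol covers both tcp and udp
      proto = (split($1, spec, "/") == 2) ? spec[2] : "tcp udp"
      np = split(proto, protos, " ")
      n = split(spec[1], parts, ",")
      for (i = 1; i <= n; i++) {
        lo = hi = parts[i]
        if (split(parts[i], range, ":") == 2) { lo = range[1]; hi = range[2] }
        for (p = lo + 0; p <= hi + 0; p++)
          for (k = 1; k <= np; k++) allowed[p "/" protos[k]] = 1
      }
    }
    END {
      n = split(required, want, " ")
      for (i = 1; i <= n; i++) if (!(want[i] in allowed)) print want[i]
    }'
}

# Constructed sample of `ufw status` output; the udp rule is left out.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
139,445/tcp                ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)'

# Prints 137/udp and 138/udp, one per line
printf '%s\n' "$SAMPLE_STATUS" |
  missing_samba_rules 22/tcp 139/tcp 445/tcp 137/udp 138/udp
```

On a live host the input would come from `sudo ufw status | missing_samba_rules 22/tcp 139/tcp 445/tcp`; empty output means every listed port has an ALLOW rule.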



