[Samba] Samba and UFW

L.P.H. van Belle belle at bazuin.nl
Wed Jan 30 09:59:03 UTC 2019


Hi 

He should have. After the filter definitions.
(iptables -S shows this)

-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP

Then 
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
Then 
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j DROP
-A ufw-skip-to-policy-forward -j DROP

And then my own rule is in the list. (order shown as in iptables -S output)
-A ufw-user-input -s 192.168.249.0/24 -i eno1 -p tcp -m multiport --dports 139,445 -j ACCEPT

What's needed, see my previous mail.
He is missing the conntrack module. (lsmod | grep conntrack)
(see /etc/default/ufw)

Greetz, 

Louis
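
Added example, not part of the original mail: a small check that reads an `iptables -S` dump and reports whether the stateful conntrack accept in ufw-before-input and a TCP 139/445 accept in ufw-user-input are both present. The function names `check_samba_ufw` and `sample_rules` are hypothetical, and the sample dump is constructed from the rules quoted above.

```shell
#!/bin/sh
# check_samba_ufw: read an `iptables -S` dump on stdin, print one finding per
# line, return 0 only if the conntrack accept and both Samba TCP ports are found.
check_samba_ufw() {
    awk '
    # Stateful accept in ufw-before-input (depends on the conntrack match).
    $2 == "ufw-before-input" && /-m conntrack/ && /ESTABLISHED/ && /-j ACCEPT/ { ct = 1 }
    # ACCEPT rules in ufw-user-input: collect the TCP ports they cover.
    $2 == "ufw-user-input" && /-p tcp/ && /-j ACCEPT/ {
        for (i = 1; i < NF; i++) {
            if ($i != "--dport" && $i != "--dports") continue
            n = split($(i + 1), spec, ",")
            for (k = 1; k <= n; k++) {
                m = split(spec[k], r, ":")      # "139" or a range "137:139"
                lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
                if (lo <= 139 && 139 <= hi) smb[139] = 1
                if (lo <= 445 && 445 <= hi) smb[445] = 1
            }
        }
    }
    END {
        rc = 0
        if (ct) print "OK conntrack RELATED,ESTABLISHED accept"
        else  { print "MISSING conntrack RELATED,ESTABLISHED accept"; rc = 1 }
        split("139 445", want, " ")
        for (w = 1; w <= 2; w++) {
            if (smb[want[w]]) print "OK tcp/" want[w] " accepted in ufw-user-input"
            else { print "MISSING tcp/" want[w] " accept in ufw-user-input"; rc = 1 }
        }
        exit rc
    }'
}

# Constructed sample: a subset of the rules quoted in the mail.
sample_rules() {
    cat <<'EOF'
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-skip-to-policy-input -j DROP
-A ufw-user-input -s 192.168.249.0/24 -i eno1 -p tcp -m multiport --dports 139,445 -j ACCEPT
EOF
}

sample_rules | check_samba_ufw
```

On a live host the same function takes `iptables -S | check_samba_ufw`; whether the kernel module itself is loaded is still answered by the `lsmod | grep conntrack` check from the mail.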