[Samba] Samba and UFW
L.P.H. van Belle
belle at bazuin.nl
Wed Jan 30 09:59:03 UTC 2019
Hi
He should have. After the filter definitions.
( iptables -S shows this )
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
Then
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
Then
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j DROP
-A ufw-skip-to-policy-forward -j DROP
And then my own rule is in the list. ( order shown as in iptables -S output )
-A ufw-user-input -s 192.168.249.0/24 -i eno1 -p tcp -m multiport --dports 139,445 -j ACCEPT
What's needed, see my previous mail.
He is missing the conntrack module. ( lsmod |grep conntrack )
( see /etc/default/ufw )
Greetz,
Louis
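
The check described in the message above, as an added example that is not part of the original mail: a script that reads an `iptables -S` listing and reports whether the conntrack accept rule and a `ufw-user-input` ACCEPT for tcp/139 and tcp/445 are present. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an `iptables -S` listing (read from stdin) for the rules
# named in the message. Function names here are hypothetical, not part of ufw.

# has_rule CHAIN PATTERN...: true if a single "-A CHAIN" line matches every pattern.
has_rule() {
    chain=$1; shift
    lines=$(printf '%s\n' "$dump" | grep -- "^-A $chain ") || return 1
    for pat in "$@"; do
        lines=$(printf '%s\n' "$lines" | grep -E -- "$pat") || return 1
    done
}

# Prints what is missing; exit status is the number of missing items (0 = all present).
check_samba_ufw() {
    dump=$(cat); missing=0
    has_rule ufw-before-input 'ctstate RELATED,ESTABLISHED' '-j ACCEPT$' ||
        { echo "missing: conntrack RELATED,ESTABLISHED accept"; missing=$((missing + 1)); }
    for port in 139 445; do
        # Matches "--dport 445" and "--dports 139,445", but not "--dport 1445".
        has_rule ufw-user-input '-p tcp' "--dports? ([0-9:]+,)*$port(,| |\$)" '-j ACCEPT$' ||
            { echo "missing: ufw-user-input ACCEPT for tcp/$port"; missing=$((missing + 1)); }
    done
    return "$missing"
}

# Constructed sample built from rules quoted in the message.
sample_with_user_rule() {
cat <<'EOF'
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-skip-to-policy-input -j DROP
-A ufw-user-input -s 192.168.249.0/24 -i eno1 -p tcp -m multiport --dports 139,445 -j ACCEPT
EOF
}

# Constructed sample: the same listing with the conntrack and user rules removed.
sample_without_rules() { sample_with_user_rule | grep -v -e conntrack -e ufw-user-input; }

sample_with_user_rule | check_samba_ufw && echo "all rules present"
sample_without_rules | check_samba_ufw || echo "$? item(s) missing"
```

On a live host the same function can be fed directly: `iptables -S | check_samba_ufw`.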