Samba firewall configuration

Support for security such as Firewalls and securing Linux
Bruce
Posts: 7
Joined: 2011/11/24 22:11:06
Location: Canada

Samba firewall configuration

Post by Bruce » 2011/11/24 22:29:13

Hi, new CentOS 6 user here.

I'm finding most of my questions well covered in various forms of documentation, but I've got one hopefully small question about setting up Samba.

According to the [url=http://wiki.centos.org/HowTos/SetUpSamba]Samba HowTo[/url], I should be adding firewall rules like so:

[code]
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
[/code]

I find I can only get that rule accepted when I restart the firewall (via /etc/init.d/iptables restart) if I change the first bit to INPUT, like so:

[code]
-A INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
[/code]

Is that a legitimate change, or have I done something wrong here? Is RH-Firewall-1-INPUT just a label, or does it mean something significant?

Thanks,
- Bruce

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Samba firewall configuration

Post by TrevorH » 2011/11/25 00:57:12

Yes, for CentOS 6, Red Hat removed their rule that jumped from the INPUT chain to a chain of their own making called RH-Firewall-1-INPUT. They now use the default INPUT chain for the same purpose.
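
Why the RH-Firewall-1-INPUT line fails on restart, as an added example that is not part of the original thread: in the iptables-restore file format a rule can only be appended to a chain that the file declares with a `:CHAIN` line. The function names `check_rules` and `sample_rules` and the sample rules file are constructed for illustration; the check also flags rules placed after a catch-all REJECT, where they are never evaluated.

```shell
#!/bin/sh
# Added example: lint an iptables-restore style file such as /etc/sysconfig/iptables.
# Flags -A rules that target a chain the file never declares, and rules that
# sit after an unconditional REJECT/DROP in the same chain (never evaluated).
check_rules() {
    awk '
    /^\*/ { table = substr($1, 2); next }                # "*filter" opens a table
    /^:/  { declared[table, substr($1, 2)] = 1; next }   # ":INPUT ACCEPT [0:0]" declares a chain
    $1 == "-A" {
        chain = $2
        if (!((table, chain) in declared)) {
            printf "line %d: chain %s is not declared in table %s\n", NR, chain, table
            bad = 1
        } else if ((table, chain) in closed) {
            printf "line %d: unreachable, follows catch-all at line %d in %s\n", NR, closed[table, chain], chain
            bad = 1
        } else if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) {
            closed[table, chain] = NR                    # rule with no match options
        }
    }
    END { exit bad }
    ' "$@"
}

# Constructed sample in the CentOS 6 layout (only built-in chains declared).
# Line 6 is correctly placed, line 7 names the old chain, line 9 comes too late.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
COMMIT
EOF
}

# Reads stdin when no file is given; exit status is non-zero if anything was flagged.
sample_rules | check_rules || echo "rules file needs fixing before restart"
```

Pass the real file as an argument (`check_rules /etc/sysconfig/iptables`) before restarting the firewall.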

Bruce
Posts: 7
Joined: 2011/11/24 22:11:06
Location: Canada

Re: Samba firewall configuration

Post by Bruce » 2011/11/25 08:37:22

Thanks Trevor, I was guessing it was something simple like that.

Three suggested Samba updates for the wiki:

* add CentOS 6 variant iptables configuration lines
* add a note on the recommended way to have smbd start on system boot (yeah, I'm noob like that)
* include the Samba HowTo in the HowTo index page (or maybe I'm blind)

On the start issue, I used ntsysv to enable Samba on boot, but I'm guessing a more explicit way would be:

[code]
chkconfig --level 3 smb on
chkconfig --level 012456 smb off
[/code]

Did I get that right? Would it be standard practice to enable it for 5 as well?

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Samba firewall configuration

Post by TrevorH » 2011/11/25 16:14:39

Just `chkconfig smb on` will set it to start in the default runlevels which should be OK.
