Samba firewall configuration

Support for security such as Firewalls and securing linux

Samba firewall configuration

Postby Bruce » 2011/11/24 22:29:13

Hi, new CentOS 6 user here.

I'm finding most of my questions well covered in various forms of documentation, but I've got one hopefully small question about setting up Samba.

According to the Samba HowTo, I should be adding firewall rules like so:

Code: Select all
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT


I find I can only get that rule accepted when I restart the firewall (via /etc/init.d/iptables restart) if I change the first bit to INPUT, like so:

Code: Select all
-A INPUT -s 192.168.10.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT


Is that a legitimate change, or have I done something wrong here? Is RH-Firewall-1-INPUT just a label, or does it mean something significant?

Thanks,
- Bruce
Bruce
 
Posts: 6
Joined: 2011/11/24 22:11:06
Location: Canada

Samba firewall configuration

Postby TrevorH » 2011/11/25 00:57:12

Yes, for CentOS 6, Redhat removed their rule that jumped from the INPUT chain to a chain of their own making called RH-Firewall-1-INPUT. They now use the default INPUT chain for the same purpose.
User avatar
TrevorH
Forum Moderator
 
Posts: 9077
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Samba firewall configuration

Postby Bruce » 2011/11/25 08:37:22

Thanks Trevor, I was guessing it was something simple like that.

Three suggested Samba updates for the wiki:

* add CentOS 6 variant iptables configuration lines
* add a note on the recommended way to have smbd start on system boot (yeah, I'm noob like that)
* include the Samba HowTo in the HowTo index page (or maybe I'm blind)

On the start issue, I used ntsysv to enable Samba on boot, but I'm guessing a more explicit way would be:

Code: Select all
chkconfig --level 3 smb on
chkconfig --level 012456 smb off


Did I get that right? Would it be standard practice to enable it for 5 as well?
Bruce
 
Posts: 6
Joined: 2011/11/24 22:11:06
Location: Canada

Re: Samba firewall configuration

Postby TrevorH » 2011/11/25 16:14:39

Just `chkconfig smb on` will set it to start in the default runlevels which should be OK.
User avatar
TrevorH
Forum Moderator
 
Posts: 9077
Joined: 2009/09/24 10:40:56
Location: Brighton, UK


Return to CentOS 6 - Security Support

Who is online

Users browsing this forum: Baidu [Spider] and 1 guest