On Fri, Jun 27, 2014 at 8:13 AM, Diogene Laerce <[email protected]> wrote:
>
> I am trying to authorize the 192.168.0.2 host to connect to samba but the
> server host 192.168.0.1 won't let me with the following statement:
>
> ************************************************************************
>
> iptables -A INPUT -i eth0 -p udp -s 192.168.0.2/32 -d 192.168.0.1 \
>     --dport 137 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp -s 192.168.0.2/32 -d 192.168.0.1 \
>     --dport 138 -j ACCEPT
> iptables -A INPUT -i eth0 -m state --state NEW,ESTABLISHED -p tcp -s \
>     192.168.0.2/32 -d 192.168.0.1 --dport 139 -j ACCEPT
> iptables -A INPUT -i eth0 -m state --state NEW,ESTABLISHED -p tcp -s \
>     192.168.0.2/32 -d 192.168.0.1 --dport 445 -j ACCEPT
>
> ************************************************************************
>
> So I enabled the CIFS profile in UFW, which is more permissive and does
> work (yes the whole SAMBA configuration is.. :) ). But I'd like to make
> those iptables rules work as they are more efficient.

Why don't you set up one rule for "ESTABLISHED,RELATED" and then:

-A INPUT -i eth0 -p udp -m state --state NEW -s 192.168.0.2 -d 192.168.0.1 \
--dport 137 -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state NEW -s 192.168.0.2 -d 192.168.0.1 \
--dport 138 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -s 192.168.0.2 -d 192.168.0.1 \
--dport 139 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -s 192.168.0.2 -d 192.168.0.1 \
--dport 445 -j ACCEPT
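
The layout suggested in the reply, written out as an added example (not part of the original message or of any Debian tool): a shell function that prints an iptables-restore fragment with the single ESTABLISHED,RELATED rule first and the four NEW rules after it. The function names, the argument checks and the exact form of the ESTABLISHED,RELATED rule are assumptions; the interface, addresses and ports are the ones from the thread.

```shell
#!/bin/sh
# Added example: generate the ruleset layout described in the reply.

# Accept a dotted-quad address only, so an argument cannot carry
# extra iptables options into the generated rules.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# samba_rules IFACE CLIENT SERVER -> iptables-restore text on stdout
samba_rules() {
    iface=$1 client=$2 server=$3
    case $iface in ''|*[!A-Za-z0-9._-]*)
        echo "bad interface name" >&2; return 1 ;;
    esac
    if ! is_ipv4 "$client" || ! is_ipv4 "$server"; then
        echo "bad address" >&2; return 1
    fi
    echo '*filter'
    # One stateful rule up front: packets belonging to a flow that was
    # already admitted by a NEW rule below are accepted here.
    # (Assumed form; the reply does not spell this rule out.)
    echo "-A INPUT -i $iface -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only the first packet of each flow has to match a per-port rule.
    for spec in udp:137 udp:138 tcp:139 tcp:445; do
        proto=${spec%%:*}
        port=${spec##*:}
        echo "-A INPUT -i $iface -p $proto -m state --state NEW" \
             "-s $client -d $server --dport $port -j ACCEPT"
    done
    echo 'COMMIT'
}

# Print the fragment for the hosts in the thread. To syntax-check it
# without loading anything, pipe it as root into:
#   iptables-restore --noflush --test
# (without --noflush, iptables-restore replaces the whole filter table).
samba_rules "${IFACE:-eth0}" "${CLIENT:-192.168.0.2}" "${SERVER:-192.168.0.1}"
```

Because rules are evaluated in order, the ESTABLISHED,RELATED line has to come before any DROP or REJECT rule already in the INPUT chain, as do the four NEW rules.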