
Re: [Samba] Samba and ufw




On 2/12/19 2:02 AM, L.P.H. van Belle via samba wrote:
Hai,

Not everyone understands iptables that well, Reindl.

Ufw can be handy and it's usable; now gufw, that's the problem here.
Gufw added the profile and sadly I don't know anything about gufw,
except that it's a GUI on ufw.
I don't know the modifications Gufw made on ufw, except I noticed the profiles.

Now Martin, ok, great. You removed ufw and gufw.
The output looks good.
All tables are cleaned up.

Run: apt-get autoremove to remove leftover packages from the install.
If you plan to install gufw again, don't run the autoremove.

Ok, back up the leftovers in /etc and /etc/gufw (just rename the folders to .old)
Install ufw again.
ufw allow 22/tcp
ufw allow 139,445/tcp
ufw allow 137,138/udp  ( if you use network browsing, but not really needed. )
( add other ports if needed )


ufw --force enable

That's a minimal setting that must work.
I'm moving a bit ahead in time now.

While I totally agree with Reindl, I don't suggest moving to plain iptables.
If you switch now, drop iptables and start learning nftables,
but ufw can be handy, it's just what you need.

Nftables (as of Debian buster)
https://wiki.debian.org/nftables works the same for Mint.
https://wiki.nftables.org/wiki-nftables/index.php/Main_Page more general.
...and while googling nftables, I discovered this post about BPFilters implemented in the Linux 4.18 kernel as eBPF:

https://cilium.io/blog/2018/04/17/why-is-the-kernel-community-replacing-iptables/

Looks like there will be another successor.

Louis is absolutely correct about users not wanting to manipulate iptables directly, and Tom Eastep has indicated that he doesn't intend to move his project to nftables.  So, as a Shorewall user, I will be tied to iptables for the foreseeable future.

Dale

Greetz,

Louis





-----Original Message-----
From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On Behalf Of
Reindl Harald via samba
Sent: Monday, 11 February 2019 18:28
To: samba@xxxxxxxxxxxxxxx
Subject: Re: [Samba] Samba and ufw



On 11.02.19 at 17:35, Martin McGlensey via samba wrote:
Louis,

Followed your instructions so far. Take a look at the output of the
various steps. I'm down to removing items from /etc/ufw.
I'm not sure what I should delete. I know some of the files are backups
generated after some rules were deleted. Please tell me what is safe to
delete before I proceed further.

martin@radio:~$ sudo apt-get remove --purge ufw gufw
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
   libqt5positioning5 libqt5qml5 libqt5quick5 libqt5sensors5

frankly why don't you throw away all that crap and start writing an
"iptables.sh" which is even for a datacenter firewall doing NAT and
firewalling in front of a /24 network no rocket science

also looking what rules are currently active is a no-brainer

[root@firewall:~]$  cat /usr/local/bin/firewall_status
#!/bin/bash

IPTABLES="/sbin/iptables"
DEFAULT_COLOR_START="\e[36m"
DEFAULT_COLOR_STOP="\e[0m"

function firewall_status
{
  # Output mode: anything other than "short" adds --verbose
  if [ "$1" != "short" ]; then
   VERBOSE="--verbose"
  fi
  # Iterate over all loaded tables in sorted order
  for table in `cat /proc/net/ip_tables_names | sort`
  do
   echo -e "${DEFAULT_COLOR_START}---------------------------------------------------------------------------------------${DEFAULT_COLOR_STOP}"
   echo -e "${DEFAULT_COLOR_START}`echo $table: | tr a-z A-Z`${DEFAULT_COLOR_STOP}"
   echo -e "${DEFAULT_COLOR_START}---------------------------------------------------------------------------------------${DEFAULT_COLOR_STOP}"
   $IPTABLES -t "$table" --list --numeric --line-numbers $VERBOSE
   echo ""
  done
}

# On a terminal, page the colored output; otherwise strip the ANSI color codes
if [ -t 1 ];
then
  firewall_status "$1" | less -R
else
  firewall_status "$1" | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g"
fi

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
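
Added example, not part of any message in this thread: the minimal ufw rules above allow the Samba ports (139,445/tcp and 137,138/udp) from any source, so this check reads `ufw status` text and reports, per Samba port, whether the rule is open to everyone or restricted to a source. The sample status text and the 192.168.1.0/24 LAN are constructed for illustration, and only numeric port rules are parsed.

```bash
#!/bin/bash
# Added example (not from the thread): audit `ufw status` text for Samba port rules.

# Constructed sample in the layout `ufw status` prints; 192.168.1.0/24 is an assumed LAN.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
139,445/tcp                ALLOW       192.168.1.0/24
137,138/udp                ALLOW       Anywhere
139,445/tcp (v6)           ALLOW       Anywhere (v6)'

# Reads `ufw status` output on stdin. For every ALLOW rule covering a Samba port
# (139,445/tcp or 137,138/udp) prints "<OPEN|RESTRICTED> <port/proto> <source>".
# Only numeric port rules are parsed; application profiles and ranges are skipped.
audit_samba_rules() {
  awk '
    {
      # The action is field 2, or field 3 on "(v6)" rows.
      act = 0
      for (i = 2; i <= 3; i++) if ($i == "ALLOW") act = i
      if (!act) next
      first = act + 1
      if ($first == "IN" || $first == "OUT") first++   # verbose status form
      src = $first
      for (i = first + 1; i <= NF; i++) src = src " " $i

      split($1, spec, "/")                 # "139,445/tcp" -> "139,445" and "tcp"
      proto = (spec[2] == "") ? "any" : spec[2]
      n = split(spec[1], ports, ",")
      for (p = 1; p <= n; p++) {
        tcp_smb = (ports[p] == 139 || ports[p] == 445) && proto != "udp"
        udp_nb  = (ports[p] == 137 || ports[p] == 138) && proto != "tcp"
        if (!tcp_smb && !udp_nb) continue
        verdict = (src ~ /^Anywhere/) ? "OPEN" : "RESTRICTED"
        print verdict, ports[p] "/" proto, src
      }
    }'
}

# Stand-alone run on the constructed sample; on a host: sudo ufw status | audit_samba_rules
printf '%s\n' "$SAMPLE_STATUS" | audit_samba_rules
```

A rule of the form `ufw allow from 192.168.1.0/24 to any port 139,445 proto tcp` is what produces the RESTRICTED rows in the sample.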



