Difference between revisions of "Firewall core (main) protocols"

 
Line 7: Line 7:
 
==DHCP==
 
==DHCP==
  
See [[Firewall_basics#DHCP]]
+
See [[Firewall_basics#DHCP|DHCP]]
  
  
Line 13: Line 13:
 
==DNS==
 
==DNS==
  
See [[Firewall_basics#DNS]]
+
See [[Firewall_basics#DNS|DNS]]
  
  
 
==LAN communication==
 
==LAN communication==
  
See [[Firewall_basics#LAN_communication]]
+
See [[Firewall_basics#LAN_communication| Firewall LAN]]
  
  
  
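Review bot: the new label in `See [[Firewall_basics#LAN_communication| Firewall LAN]]` carries a leading space after the pipe that the other relabelled links in this change (`|DHCP`, `|DNS`) do not; drop the space, and consider a label that matches the target section name, `LAN communication`, so the links on this page read consistently.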
 
==NTP (time syncronization) client==
 
==NTP (time syncronization) client==
See [[Firewall_basics#NTP_.28time_syncronization.29_client]]
+
See [[Firewall_basics#NTP_.28time_syncronization.29_client|NTP (time sync)]]
  
  
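Review bot: both the heading `==NTP (time syncronization) client==` and the link target `Firewall_basics#NTP_.28time_syncronization.29_client` carry the misspelling "syncronization". MediaWiki derives the fragment from the heading text, so correcting the heading on Firewall_basics alone would break this link; fix the heading on both pages in the same change and point the link at `Firewall_basics#NTP_.28time_synchronization.29_client|NTP (time sync)`.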
 
==Samba file-share==
 
==Samba file-share==
 
+
See [[Firewall_basics#Samba_file-share|Samba file-share]]
<syntaxhighlight lang="bash">
 
IPTABLES=`which iptables`
 
 
 
# SAMBA share
 
# Access filtering is done in /etc/samba/smb.conf
 
$IPTABLES -A INPUT -p tcp --dport 135 -m comment --comment "DCE endpoint resolution" -j ACCEPT
 
$IPTABLES -A INPUT -p udp --dport 137 -m comment --comment "NetBIOS Name Service" -j ACCEPT
 
$IPTABLES -A INPUT -p udp --dport 138 -m comment --comment "NetBIOS Datagram" -j ACCEPT
 
$IPTABLES -A INPUT -p tcp --dport 139 -m comment --comment "NetBIOS Session" -j ACCEPT
 
$IPTABLES -A INPUT -p tcp --dport 445 -m comment --comment "SMB over TCP" -j ACCEPT
 
 
 
$IPTABLES -A OUTPUT -p tcp --sport 135 -m state --state ESTABLISHED -m comment --comment "DCE endpoint resolution" -j ACCEPT
 
$IPTABLES -A OUTPUT -p udp --dport 137 -m comment --comment "NetBios Name Service" -j ACCEPT
 
$IPTABLES -A OUTPUT -p udp --dport 138 -m comment --comment "NetBios Data Exchange" -j ACCEPT
 
$IPTABLES -A OUTPUT -p tcp --dport 139 -m comment --comment "NetBios Session + Samba" -j ACCEPT
 
$IPTABLES -A OUTPUT -p tcp --dport 445 -m comment --comment "CIFS - Partage Win2K and more" -j ACCEPT
 
$IPTABLES -A OUTPUT -p tcp --dport 548 -m comment --comment "Apple file sharing" -j ACCEPT
 
 
 
</syntaxhighlight>
 
 
 
  
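Review bot: the five INPUT rules (`--dport 135`, `137`, `138`, `139`, `445`) accept from any source, and the comment "Access filtering is done in /etc/samba/smb.conf" leaves the only restriction to the application layer; add a source or interface match so the listeners are reachable from the LAN only, e.g. `$IPTABLES -A INPUT -s 192.168.1.0/24 -p tcp --dport 445 -m comment --comment "SMB over TCP" -j ACCEPT` (with the real LAN subnet in place of 192.168.1.0/24). Two of the rules do not belong to a file share: TCP 135 is the DCE/RPC endpoint mapper, which smbd does not serve unless Samba runs as an AD domain controller, and TCP 548 is AFP ("Apple file sharing"), not SMB, so drop them or give them their own section. The OUTPUT side also mixes roles: the `--dport 137/138/139/445` rules are client rules (this host reaching other shares), while only `--sport 135 -m state --state ESTABLISHED` covers a server reply, so replies on 139 and 445 depend on a generic ESTABLISHED rule that this block never adds (the FTP section below adds one). The comment "CIFS - Partage Win2K and more" is half French ("Partage" means share); keep the comments in one language, e.g. "SMB/CIFS - Windows 2000 and later shares".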
 
==FTP client==
 
==FTP client==
  
<syntaxhighlight lang="bash">
+
See [[Firewall_basics#FTP|FTP]]
IPTABLES=`which iptables`
 
IP6TABLES=`which ip6tables`
 
 
 
#### Requirement
 
# Keep ESTABLISHED, RELATED connections
 
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
 
 
$IP6TABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
$IP6TABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 
$IP6TABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
 
 
#### FTP client
 
# FTP data transfer
 
$IPTABLES -A OUTPUT -p tcp --dport 20 -j ACCEPT
 
$IP6TABLES -A OUTPUT -p tcp --dport 20 -j ACCEPT 
 
# FTP control (command)
 
$IPTABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT
 
$IP6TABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT 
 
</syntaxhighlight>
 
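Review bot: the two `--dport 20` OUTPUT rules match no traffic an FTP client generates: in active mode the server opens the data connection from its port 20 towards the client (inbound from the client's view), and in passive mode the client connects to a server-chosen high port, so `--dport 20` is dead and the data channel is admitted only by the `--state ESTABLISHED,RELATED` rules above it, and only when the FTP connection-tracking helper has marked it RELATED. The block never loads that helper: it needs `modprobe nf_conntrack_ftp` and, since Linux 4.7 (automatic helper assignment off by default; the sysctl was removed in 6.0), an explicit assignment on the control connection such as `$IPTABLES -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp` plus the `$IP6TABLES` equivalent, otherwise passive-mode transfers fail under a default-DROP policy. Suggest replacing the port-20 rules with those lines and, while touching the rules, moving from the legacy `-m state --state` to `-m conntrack --ctstate`, which is the maintained match.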

Latest revision as of 10:17, 23 June 2015


Allow services and network protocols

DHCP

See DHCP


DNS

See DNS


LAN communication

See Firewall LAN


NTP (time synchronization) client

See NTP (time sync)


Samba file-share

See Samba file-share

FTP client

See FTP