|
|
Line 7: |
Line 7: |
| ==DHCP== | | ==DHCP== |
| | | |
− | See [[Firewall_basics#DHCP]] | + | See [[Firewall_basics#DHCP|DHCP]] |
| | | |
| | | |
Line 13: |
Line 13: |
| ==DNS== | | ==DNS== |
| | | |
− | See [[Firewall_basics#DNS]] | + | See [[Firewall_basics#DNS|DNS]] |
| | | |
| | | |
| ==LAN communication== | | ==LAN communication== |
| | | |
− | See [[Firewall_basics#LAN_communication]] | + | See [[Firewall_basics#LAN_communication| Firewall LAN]] |
| | | |
| | | |
| | | |
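Review bot: the new link label on the "LAN communication" line is inconsistent with the others in this change: it reads `[[Firewall_basics#LAN_communication| Firewall LAN]]`, with a leading space inside the pipe and a label ("Firewall LAN") that does not match the section name, while the DHCP and DNS edits use the section name verbatim as the label. Suggest `[[Firewall_basics#LAN_communication|LAN communication]]` so readers can tell which section of Firewall_basics they are being sent to.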
| ==NTP (time syncronization) client== | | ==NTP (time syncronization) client== |
− | See [[Firewall_basics#NTP_.28time_syncronization.29_client]] | + | See [[Firewall_basics#NTP_.28time_syncronization.29_client|NTP (time sync)]] |
| | | |
| | | |
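Review bot: the NTP link target `[[Firewall_basics#NTP_.28time_syncronization.29_client|NTP (time sync)]]` hard-codes the anchor derived from the misspelled heading "syncronization" on the target page, and this page's own heading carries the same misspelling. If either heading is later corrected to "synchronization", the anchor silently stops matching and the link drops the reader at the top of Firewall_basics. Either fix the spelling on both pages in the same change, or add a note that the anchor must be updated together with the heading.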
| ==Samba file-share== | | ==Samba file-share== |
− | | + | See [[Firewall_basics#Samba_file-share|Samba file-share]] |
− | <syntaxhighlight lang="bash">
| |
− | IPTABLES=`which iptables`
| |
− | | |
− | # SAMBA share | |
− | # Access filtering is done in /etc/samba/smb.conf
| |
− | $IPTABLES -A INPUT -p tcp --dport 135 -m comment --comment "DCE endpoint resolution" -j ACCEPT
| |
− | $IPTABLES -A INPUT -p udp --dport 137 -m comment --comment "NetBIOS Name Service" -j ACCEPT
| |
− | $IPTABLES -A INPUT -p udp --dport 138 -m comment --comment "NetBIOS Datagram" -j ACCEPT
| |
− | $IPTABLES -A INPUT -p tcp --dport 139 -m comment --comment "NetBIOS Session" -j ACCEPT
| |
− | $IPTABLES -A INPUT -p tcp --dport 445 -m comment --comment "SMB over TCP" -j ACCEPT
| |
− | | |
− | $IPTABLES -A OUTPUT -p tcp --sport 135 -m state --state ESTABLISHED -m comment --comment "DCE endpoint resolution" -j ACCEPT
| |
− | $IPTABLES -A OUTPUT -p udp --dport 137 -m comment --comment "NetBios Name Service" -j ACCEPT
| |
− | $IPTABLES -A OUTPUT -p udp --dport 138 -m comment --comment "NetBios Data Exchange" -j ACCEPT
| |
− | $IPTABLES -A OUTPUT -p tcp --dport 139 -m comment --comment "NetBios Session + Samba" -j ACCEPT
| |
− | $IPTABLES -A OUTPUT -p tcp --dport 445 -m comment --comment "CIFS - Partage Win2K and more" -j ACCEPT
| |
− | $IPTABLES -A OUTPUT -p tcp --dport 548 -m comment --comment "Apple file sharing" -j ACCEPT
| |
− | | |
− | </syntaxhighlight>
| |
− | | |
| | | |
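Review bot: replacing the whole Samba rule block with `See [[Firewall_basics#Samba_file-share|Samba file-share]]` loses two things that the reader of this page should still be able to find in the target section: the comment "Access filtering is done in /etc/samba/smb.conf", which documents that these INPUT rules on 135, 137, 138, 139 and 445 accept from any source and rely on Samba's own host restrictions rather than a `-s` match on the LAN subnet, and the OUTPUT rule for port 548 ("Apple file sharing"), which is AFP rather than Samba and may have been dropped or moved. Please confirm the target section carries both, and while consolidating, clean up the inconsistencies visible in the removed lines: the OUTPUT rule for 135 uses `--sport 135 -m state --state ESTABLISHED` where the other OUTPUT rules use `--dport`, the comments alternate between "NetBIOS" and "NetBios", and one comment is partly in French ("CIFS - Partage Win2K and more").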
| ==FTP client== | | ==FTP client== |
| | | |
− | <syntaxhighlight lang="bash">
| + | See [[Firewall_basics#FTP|FTP]] |
− | IPTABLES=`which iptables`
| |
− | IP6TABLES=`which ip6tables`
| |
− | | |
− | #### Requirement
| |
− | # Keep ESTABLISHED, RELATED connections
| |
− | $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
| |
− | $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
| |
− | $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
| |
− | | |
− | $IP6TABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
| |
− | $IP6TABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
| |
− | $IP6TABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
| |
− | | |
− | #### FTP client
| |
− | # FTP data transfer
| |
− | $IPTABLES -A OUTPUT -p tcp --dport 20 -j ACCEPT
| |
− | $IP6TABLES -A OUTPUT -p tcp --dport 20 -j ACCEPT
| |
− | # FTP control (command)
| |
− | $IPTABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT
| |
− | $IP6TABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT
| |
− | </syntaxhighlight>
| |
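Review bot: the removed FTP client block had two issues that the replacement link `See [[Firewall_basics#FTP|FTP]]` should not inherit, so please check the target section. First, the "#### Requirement" part (`-A INPUT/FORWARD/OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` for both iptables and ip6tables) is the generic stateful baseline, not FTP-specific, and belongs with the other prerequisites rather than under FTP. Second, the client rules only open `OUTPUT -p tcp --dport 20` and `--dport 21`: port 21 is the control connection, but a client never initiates a connection to the server's port 20; in active mode the server connects back to the client from port 20, and in passive mode the client connects to a server-chosen high port, so the data transfer works only through the RELATED state with the FTP connection-tracking helper loaded, which nothing in the removed lines mentions. The target section should say which mode it supports and what the RELATED rule depends on.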