Firewall core (main) protocols

Revision as of 10:15, 23 June 2015 by WikiFreak (talk | contribs)


Allow services and network protocols

DHCP

See Firewall_basics#DHCP


DNS

See Firewall_basics#DNS


LAN communication

See Firewall_basics#LAN_communication


NTP (time syncronization) client

See Firewall_basics#NTP_.28time_syncronization.29_client


Samba file-share

IPTABLES=`which iptables`

# SAMBA share
# Access filtering is done in /etc/samba/smb.conf
$IPTABLES -A INPUT -p tcp --dport 135 -m comment --comment "DCE endpoint resolution" -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 137 -m comment --comment "NetBIOS Name Service" -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 138 -m comment --comment "NetBIOS Datagram" -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 139 -m comment --comment "NetBIOS Session" -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 445 -m comment --comment "SMB over TCP" -j ACCEPT

$IPTABLES -A OUTPUT -p tcp --sport 135 -m state --state ESTABLISHED -m comment --comment "DCE endpoint resolution" -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 137 -m comment --comment "NetBios Name Service" -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 138 -m comment --comment "NetBios Data Exchange" -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 139 -m comment --comment "NetBios Session + Samba" -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 445 -m comment --comment "CIFS - Partage Win2K and more" -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 548 -m comment --comment "Apple file sharing" -j ACCEPT


FTP client

IPTABLES=`which iptables`
IP6TABLES=`which ip6tables`

#### Requirement
# Keep ESTABLISHED, RELATED connections
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

$IP6TABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IP6TABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IP6TABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 

#### FTP client
# FTP data transfer
$IPTABLES -A OUTPUT -p tcp --dport 20 -j ACCEPT
$IP6TABLES -A OUTPUT -p tcp --dport 20 -j ACCEPT  
# FTP control (command)
$IPTABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT
$IP6TABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT
Retrieved from "http://www.daxiongmao.eu/wiki/index.php?title=Firewall_core_(main)_protocols&oldid=2384"