I am looking at: http://www.shorewall.net/samba.htm

This is obviously the old format:

SMB/ACCEPT $FW loc
SMB/ACCEPT loc $FW

Would the proper format be:

ACCEPT $FW loc SMB
ACCEPT loc $FW SMB

?

And what protocols/ports are covered by SMB? Thus is it really:

ACCEPT $FW loc tcp SMB
ACCEPT loc $FW tcp SMB
ACCEPT $FW loc udp SMB
ACCEPT loc $FW udp SMB

It would be nice if there was a PROTO option: TCP/UDP...

Still what ports are covered in SMB?

Robert Moskowitz wrote:
> I am looking at: http://www.shorewall.net/samba.htm
>
> This is obviously the old format:

No -- that is currently-accepted format.

>
> SMB/ACCEPT $FW loc
> SMB/ACCEPT loc $FW
>
> Would the proper format be:
>
> ACCEPT $FW loc SMB
> ACCEPT loc $FW SMB
>
> ?

No.

''SMB'' is a macro -- see http://www.shorewall.net/Macros.html

>
> And what protocols/ports are covered by SMB? Thus is it really:
>

As with any standard macro, you can see what it does by examining the
corresponding macro definition file in /usr/share/shorewall/.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Tom Eastep wrote:
> Robert Moskowitz wrote:
>
>> I am looking at: http://www.shorewall.net/samba.htm
>>
>> This is obviously the old format:
>>
>
> No -- that is currently-accepted format.
>

As I read the macro docs it seems the current format is:

SMB(ACCEPT) $FW loc

though the SMB/ACCEPT is still accepted.

>> SMB/ACCEPT $FW loc
>> SMB/ACCEPT loc $FW
>>
>> Would the proper format be:
>>
>> ACCEPT $FW loc SMB
>> ACCEPT loc $FW SMB
>>
>> ?
>>
>
> No.
>
> ''SMB'' is a macro -- see http://www.shorewall.net/Macros.html
>
>
>> And what protocols/ports are covered by SMB? Thus is it really:
>>
>>
>
> As with any standard macro, you can see what it does by examining the
> corresponding macro definition file in /usr/share/shorewall/.

It would be nice to document all the macros instead of having to cat each. Most are just a one liner.

Speaking of that, I see a lot of examples where the port is not a number but a name (directly from the rules docs):

Accept SMTP requests from the DMZ to the internet

#ACTION  SOURCE  DEST  PROTO  DEST   SOURCE   ORIGINAL
#                             PORT   PORT(S)  DEST
ACCEPT   dmz     net   tcp    smtp

Is this also a macro form or just an alternative method? If the latter, is there a document giving the names to number mappings allowed?

Robert Moskowitz wrote:
> Tom Eastep wrote:
>> Robert Moskowitz wrote:
>>
>>> I am looking at: http://www.shorewall.net/samba.htm
>>>
>>> This is obviously the old format:
>>>
>> No -- that is currently-accepted format.
>>
>
> As I read the macro docs it seems the current format is:
>
> SMB(ACCEPT) $FW loc
>
> though the SMB/ACCEPT is still accepted.
>
>>> SMB/ACCEPT $FW loc
>>> SMB/ACCEPT loc $FW
>>>
>>> Would the proper format be:
>>>
>>> ACCEPT $FW loc SMB
>>> ACCEPT loc $FW SMB
>>>
>>> ?
>>>
>> No.
>>
>> ''SMB'' is a macro -- see http://www.shorewall.net/Macros.html
>>
>>
>>> And what protocols/ports are covered by SMB? Thus is it really:
>>>
>>>
>> As with any standard macro, you can see what it does by examining the
>> corresponding macro definition file in /usr/share/shorewall/.
>
> It would be nice to document all the macros instead of having to cat
> each. Most are just a one liner.

We will look forward to your contribution -- thanks!

>
> Speaking of that, I see a lot of examples where the port is not a number
> but a name (directly from the rules docs):
>
> Accept SMTP requests from the DMZ to the internet
>
> #ACTION  SOURCE  DEST  PROTO  DEST   SOURCE   ORIGINAL
> #                             PORT   PORT(S)  DEST
> ACCEPT   dmz     net   tcp    smtp
>
>
> Is this also a macro form or just an alternative method? If the latter,
> is there a document giving the names to number mappings allowed?

The correspondence between service names and port numbers is normally
determined by the file /etc/services but can be changed by modifying
/etc/nsswitch.conf. This is a standard Unix facility and is independent
of Shorewall; Shorewall-perl simply uses that facility to do the
name->port mapping.

See http://www.shorewall.net/configuration_file_basics.htm#Ports

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
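
The two lookups discussed in this thread (what a macro opens, and which port a service name in a rule resolves to) can be scripted for review of a ruleset. The following is an added example, not part of the original messages and not Shorewall's own code. It assumes macro files are named macro.<Name> and follow the rules-file column order quoted above; the function names and all sample data are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes macro files are named
# macro.<Name> and use the column order of the rules file quoted above:
# ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT.

# One line per macro entry: NAME PROTO DEST-PORT SOURCE-PORT ("-" if unset).
macro_summary() {
    dir=${1:-/usr/share/shorewall}
    for f in "$dir"/macro.*; do
        [ -f "$f" ] || continue
        awk -v n="${f##*/macro.}" '
            { sub(/#.*/, "") }                 # drop comments
            NF < 4 { next }                    # no PROTO column, nothing to list
            { print n, $4, (NF >= 5 ? $5 : "-"), (NF >= 6 ? $6 : "-") }' "$f"
    done
}

# Resolve a service name to a port number for one protocol. With a
# services-format file as $3 the lookup is offline; without it getent is
# used, which follows /etc/nsswitch.conf as described in the thread.
service_port() {
    case $1 in *[!0-9]*) ;; *) echo "$1"; return 0 ;; esac   # already numeric
    if [ -n "$3" ]; then
        awk -v n="$1" -v p="$2" '
            { sub(/#.*/, ""); split($2, a, "/") }
            NF >= 2 && a[2] == p {
                for (i = 1; i <= NF; i++)      # match the name or any alias
                    if (i != 2 && $i == n) { print a[1]; found = 1; exit }
            }
            END { exit !found }' "$3"
    else
        getent services "$1/$2" | awk '{ split($2, a, "/"); print a[1] }'
    fi
}

# Constructed sample data (not copied from a Shorewall release or a real host).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#ACTION SOURCE DEST PROTO DEST SOURCE' \
        'PARAM - - tcp 139,445' 'PARAM - - udp 137:139' \
        'PARAM - - udp 1024: 137' > "$d/macro.Sample"
    printf '%s\n' 'smtp 25/tcp mail # constructed' 'domain 53/udp' > "$d/services"
    macro_summary "$d"
    service_port smtp tcp "$d/services"
    rm -rf "$d"
}
demo
```

Run `macro_summary` with no argument to list the macros installed on the firewall host itself. Because the name lookup depends on that host's services database, resolve names on the machine that compiles the ruleset.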