Hai, Just a questions, this might be a bug, might not, but for this one i need some help. Setup, debian 9. Member server samba 4.9.3 AD DC servers samba 4.8.7 Im setting up the member with a very tight firewall, so nothing in/our/routed unless its defined. Im using UFW firewall for it. I notice the following in my member its firewall logs, and this only happend when i run : id or getent passwd wbinfo -u ( any wbinfo command ) no INVALID/BLOCKED in the logs. And any other thing thats configured, what im testing, as i see, no problems at all. Everything works as it should im only not happy with the lines UFW AUDIT INVALID and BLOCK. And i cant stand i cant figure this out, or at least i'm not sure of. IP : .100 is the member IP: .1 and .2 are DC1 and DC2. The Log part. # The request out to DC2. Dec 4 14:52:05 kernel: [969364.260134] [UFW AUDIT] IN= OUT=eno1 SRC=192.168.0.100 DST=192.168.0.2 LEN=419 TOS=0x00 PREC=0x00 TTL=64 ID=19101 DF PROTO=TCP SPT=45690 DPT=389 WINDOW=452 RES=0x00 ACK PSH URGP=0 Dec 4 14:52:05 kernel: [969364.260257] [UFW AUDIT] IN= OUT=eno1 SRC=192.168.0.100 DST=192.168.0.2 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19102 DF PROTO=TCP SPT=45690 DPT=389 WINDOW=452 RES=0x00 ACK FIN URGP=0 ## DC2 gets invalid and blocked. Dec 4 14:52:05 kernel: [969364.260373] [UFW AUDIT INVALID] IN=eno1 OUT= SRC=192.168.0.2 DST=192.168.0.100 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=389 DPT=45690 WINDOW=0 RES=0x00 RST URGP=0 Dec 4 14:52:05 kernel: [969364.260386] [UFW BLOCK] IN=eno1 OUT= SRC=192.168.0.2 DST=192.168.0.100 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=389 DPT=45690 WINDOW=0 RES=0x00 RST URGP=0 # Then a few dns requests Dec 4 14:52:05 kernel: [969364.265380] [UFW AUDIT] IN= OUT=eno1 SRC=192.168.0.100 DST=192.168.0.1 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=59751 DF PROTO=UDP SPT=43064 DPT=53 LEN=53 Dec 4 14:52:05 kernel: [969364.265395] [UFW AUDIT] IN= OUT=eno1 SRC=192.168.0.100 DST=192.168.0.1 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=59752 DF PROTO=UDP SPT=43064 DPT=53 LEN=53 # And here DC2 is allowed again. Dec 4 14:52:05 kernel: [969364.268283] [UFW AUDIT] IN= OUT=eno1 SRC=192.168.0.100 DST=192.168.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49466 DF PROTO=TCP SPT=45728 DPT=389 WINDOW=29200 RES=0x00 SYN URGP=0 # Dec 4 14:52:05 kernel: [969364.278947] [UFW AUDIT] IN= OUT=eno1 SRC=192.168.0.100 DST=192.168.0.1 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=59754 DF PROTO=UDP SPT=39163 DPT=53 LEN=60 Dec 4 14:52:05 kernel: [969364.283905] [UFW AUDIT] IN= OUT=eno1 SRC=192.168.0.100 DST=192.168.0.1 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=59755 DF PROTO=UDP SPT=45775 DPT=53 LEN=53 Dec 4 14:52:05 kernel: [969364.283916] [UFW AUDIT] IN= OUT=eno1 SRC=192.168.0.100 DST=192.168.0.1 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=59756 DF PROTO=UDP SPT=45775 DPT=53 LEN=53 Dec 4 14:52:05 kernel: [969364.285945] [UFW AUDIT] IN= OUT=eno1 SRC=192.168.0.100 DST=192.168.0.2 LEN=191 TOS=0x00 PREC=0x00 TTL=64 ID=2165 DF PROTO=UDP SPT=38445 DPT=88 LEN=171 Dec 4 14:52:05 kernel: [969364.318061] [UFW AUDIT] IN= OUT=eno1 SRC=192.168.0.100 DST=192.168.0.1 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=59759 DF PROTO=UDP SPT=58533 DPT=53 LEN=60 Im already tried allowing the Dynamic ranges : 1024:65535 for my lan. I dont get/see why im getting first the DC request in ( top 2 lines), then the invallid and block, and then its allowed. At first i was thinking, its SPT=389 DPT=45690 in the UFW AUDIT INVALID line. DPT ( destination port ) 45690, was outside the ranges shown on the wiki. so i allowed the full range 1024-65535 for the lan. The setup i need/want in the member server is the following. I'm allowing only IN-OUT whats needed. mbd and winbind are running for the member server, because it does need a few shares to be accessed and i need the authentication there. All other parts im using are already in the firewall and working without problems. This is the ufw firewall, at least a part of, im using, its a new concept im working on for my mailserver. If anyone can explain to my why i still have these INVALID/BLOCK messages when i use : id username of have any improvements, I'm very greatfull to hear it the only thing i could think off are 3 things. 1) ufw its rules : LOG all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10 LOG level warning prefix "[UFW AUDIT INVALID] " LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " so just getting blocked doe to rate limiting. 2) samba is using wrong dynamic ports. 3) You tell me, i dont know. :-( The firewall setup: # Restricted firewall with UFW. # LAN = 192.168.0.0/24 # MEMBER ip : .100 # AD DC's. .1 and .2 # # First allow ssh, so you dont get locked out. # You might want to use `ufw limit 22` first. ufw limit in on eno1 proto tcp from 192.168.0.0/24 to 192.168.0.100 port 22 comment 'Limit SSH IN from lan (22/tcp)' ufw allow out on eno1 proto tcp from 192.168.0.100 to 192.168.0.0/24 port 22 comment 'Allow SSH OUT to lan (22/tcp)' ufw default deny incoming ufw default deny outgoing ufw default deny routed ufw logging medium # needed for apt install/update/upgrades ufw allow out on eno1 proto tcp from 192.168.0.100 to any port 21,80,443 comment 'Allow out ftp/http/https to any (21,80,443/tcp)' # needed for nfs ufw allow out on eno1 from 192.168.0.100 to 192.168.0.0/24 port 111 comment 'Allow out NFS to lan (111)(RPC required only by NFSV3)' ufw allow out on eno1 from 192.168.0.100 to 192.168.0.0/24 port 2049 comment 'Allow out NFS to lan (2049)(NFSV4 and/or NFSV3)' # Local webserver. ufw allow in on eno1 proto tcp from 192.168.0.0/24 to any port 80 comment 'Allow in on interface to Web ports (lan 80/tcp)' ufw allow in on eno1 proto tcp from 192.168.0.0/24 to any port 443 comment 'Allow in on interface to Web ports (lan 443/tcp)' # Samba (MEMBER, with shares) # Allow in. ufw allow in on eno1 proto tcp from 192.168.0.0/24 to 192.168.0.100 port 49152:65535 comment 'Allow in from lan to Dynamic RPC Ports (port 49152:65535/tcp)' ufw allow in on eno1 proto udp from 192.168.0.0/24 to 192.168.0.100 port 49152:65535 comment 'Allow in from lan to Dynamic RPC Ports (port 49152:65535/udp)' ufw allow in on eno1 proto udp from 192.168.0.0/24 to 192.168.0.100 port 137 comment 'Allow in from LAN to NetBIOS Name Service (port 137/udp)' ufw allow in on eno1 proto udp from 192.168.0.0/24 to 192.168.0.100 port 138 comment 'Allow in from LAN to NetBIOS Datagram (port 138/udp)' ufw allow in on eno1 proto tcp from 192.168.0.0/24 to 192.168.0.100 port 139 comment 'Allow in from LAN to NetBIOS Session(NBT over ip) (port 139/tcp)' ufw allow in on eno1 proto tcp from 192.168.0.0/24 to 192.168.0.100 port 445 comment 'Allow in from LAN to SMB over TCP (445/tcp)' # Allow out ufw allow out on eno1 proto tcp from 192.168.0.100 port 445 to 192.168.0.0/24 port 49152:65535 comment 'Allow in from SMB over TCP to Dynamic RPC Ports (port 49152:65535/tcp)' # Samba (Member, OUT: AD DC requests (via interface to LAN)) ufw allow out on eno1 proto udp from 192.168.0.100 to 192.168.0.0/24 port 123 comment 'Allow out to LAN (port 123/udp)' ufw allow out on eno1 from 192.168.0.100 to any port 53 comment 'Allow out to any DNS (due to spamassassin) (port 53)' ufw allow out on eno1 proto tcp from 192.168.0.100 to 192.168.0.0/24 port 445 comment 'Allow out to LAN SMB over TCP (445/tcp)' ufw allow out on eno1 proto tcp from 192.168.0.100 to 192.168.0.0/24 port 135 comment 'Allow out to LAN DCE/RPC Locator Service (port 135/tcp)' ufw allow out on eno1 proto tcp from 192.168.0.100 to 192.168.0.0/24 port 389 comment 'Allow out to LAN (port 389/tcp)' ufw allow out on eno1 proto udp from 192.168.0.100 to 192.168.0.0/24 port 389 comment 'Allow out to LAN (port 389/udp)' ufw allow out on eno1 proto tcp from 192.168.0.100 to 192.168.0.0/24 port 636 comment 'Allow out to LAN (port 636/tcp)' ufw allow out on eno1 proto udp from 192.168.0.100 to 192.168.0.0/24 port 636 comment 'Allow out to LAN (port 636/udp)' ufw allow out on eno1 from 192.168.0.100 to 192.168.0.0/24 port 88 comment 'Allow out to LAN (AD-DC) Kerberos (port 88)' ufw allow out on eno1 from 192.168.0.100 to 192.168.0.0/24 port 464 comment 'Allow out to LAN (AD-DC) Kerberos kpasswd (port 464)' ufw allow out on eno1 from 192.168.0.100 to 192.168.0.0/24 port 3268 comment 'Allow out to LAN (AD-DC) GC (non-ssl) (port 3268)' ufw allow out on eno1 from 192.168.0.100 to 192.168.0.0/24 port 3269 comment 'Allow in from LAN (AD-DC) GC (ssl) (port 3269)' Sources i've used: https://wiki.samba.org/index.php/Samba_Domain_Member_Port_Usage https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage States : The range matches the port range used by Windows Server 2008 and later. Samba versions before 4.7 used the TCP ports 1024 to 1300 instead. To manually set the port range in Samba 4.7 and later, set the rpc server port parameter in your smb.conf file. And man ufw So anyone suggestions, tips, improvements? Or is above explained in riddles ? The question is: why do i see : UFW AUDIT INVALID and BLOCK in my firewall logs when i use : id username. Greetz, Louis
On Tue, 4 Dec 2018 15:53:29 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> Hai, > > Just a questions, this might be a bug, might not, but for this one i > need some help. > Setup, debian 9. > > Member server samba 4.9.3 > AD DC servers samba 4.8.7 > > Im setting up the member with a very tight firewall, so nothing > in/our/routed unless its defined. Im using UFW firewall for it. > > I notice the following in my member its firewall logs, and this only > happend when i run : id or getent passwd wbinfo -u ( any wbinfo > command ) no INVALID/BLOCKED in the logs. > And any other thing thats configured, what im testing, as i see, no > problems at all. Everything works as it should im only not happy with > the lines UFW AUDIT INVALID and BLOCK. And i cant stand i cant figure > this out, or at least i'm not sure of. > > IP : .100 is the member > IP: .1 and .2 are DC1 and DC2. > > The Log part. > # The request out to DC2. > Dec 4 14:52:05 kernel: [969364.260134] [UFW AUDIT] IN= OUT=eno1 > SRC=192.168.0.100 DST=192.168.0.2 LEN=419 TOS=0x00 PREC=0x00 TTL=64 > ID=19101 DF PROTO=TCP SPT=45690 DPT=389 WINDOW=452 RES=0x00 ACK PSH > URGP=0 Dec 4 14:52:05 kernel: [969364.260257] [UFW AUDIT] IN> OUT=eno1 SRC=192.168.0.100 DST=192.168.0.2 LEN=52 TOS=0x00 PREC=0x00 > TTL=64 ID=19102 DF PROTO=TCP SPT=45690 DPT=389 WINDOW=452 RES=0x00 > ACK FIN URGP=0 ## DC2 gets invalid and blocked. Dec 4 14:52:05 > kernel: [969364.260373] [UFW AUDIT INVALID] IN=eno1 OUT> SRC=192.168.0.2 DST=192.168.0.100 LEN=40 TOS=0x00 PREC=0x00 TTL=64 > ID=0 DF PROTO=TCP SPT=389 DPT=45690 WINDOW=0 RES=0x00 RST URGP=0 Dec > 4 14:52:05 kernel: [969364.260386] [UFW BLOCK] IN=eno1 OUT> SRC=192.168.0.2 DST=192.168.0.100 LEN=40 TOS=0x00 PREC=0x00 TTL=64 > ID=0 DF PROTO=TCP SPT=389 DPT=45690 WINDOW=0 RES=0x00 RST URGP=0 #I would be more worried about the port: 45690 The only trace I could find is: AEON stratum+tcp://aeon.pool.minergate.com:45690 The good thing is that your firewall blocked it ;-) If you don't want those messages in your logs, my understanding is that replacing this: ufw logging medium with this: ufw logging low will stop them. Rowland
Hai, well, at least you did an attempt.. No, there are no crypto miner running in the office here. And yes, i know i can set the logging to low to make it disappear, but i would like to know what exact happens. I dont understand why, when i use id username i see these firewall lines. And id does work, even with these log lines. So im hoping on a next reply but thanks Rowland for the attemp :-) Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: dinsdag 4 december 2018 17:04 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Samba and firewalling > > On Tue, 4 Dec 2018 15:53:29 +0100 > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > > > Hai, > > > > Just a questions, this might be a bug, might not, but for this one i > > need some help. > > Setup, debian 9. > > > > Member server samba 4.9.3 > > AD DC servers samba 4.8.7 > > > > Im setting up the member with a very tight firewall, so nothing > > in/our/routed unless its defined. Im using UFW firewall for it. > > > > I notice the following in my member its firewall logs, and this only > > happend when i run : id or getent passwd wbinfo -u ( any wbinfo > > command ) no INVALID/BLOCKED in the logs. > > And any other thing thats configured, what im testing, as i see, no > > problems at all. Everything works as it should im only not > happy with > > the lines UFW AUDIT INVALID and BLOCK. And i cant stand i > cant figure > > this out, or at least i'm not sure of. > > > > IP : .100 is the member > > IP: .1 and .2 are DC1 and DC2. > > > > The Log part. > > # The request out to DC2. > > Dec 4 14:52:05 kernel: [969364.260134] [UFW AUDIT] IN= OUT=eno1 > > SRC=192.168.0.100 DST=192.168.0.2 LEN=419 TOS=0x00 PREC=0x00 TTL=64 > > ID=19101 DF PROTO=TCP SPT=45690 DPT=389 WINDOW=452 RES=0x00 ACK PSH > > URGP=0 Dec 4 14:52:05 kernel: [969364.260257] [UFW AUDIT] IN> > OUT=eno1 SRC=192.168.0.100 DST=192.168.0.2 LEN=52 TOS=0x00 PREC=0x00 > > TTL=64 ID=19102 DF PROTO=TCP SPT=45690 DPT=389 WINDOW=452 RES=0x00 > > ACK FIN URGP=0 ## DC2 gets invalid and blocked. Dec 4 14:52:05 > > kernel: [969364.260373] [UFW AUDIT INVALID] IN=eno1 OUT> > SRC=192.168.0.2 DST=192.168.0.100 LEN=40 TOS=0x00 PREC=0x00 TTL=64 > > ID=0 DF PROTO=TCP SPT=389 DPT=45690 WINDOW=0 RES=0x00 RST URGP=0 Dec > > 4 14:52:05 kernel: [969364.260386] [UFW BLOCK] IN=eno1 OUT> > SRC=192.168.0.2 DST=192.168.0.100 LEN=40 TOS=0x00 PREC=0x00 TTL=64 > > ID=0 DF PROTO=TCP SPT=389 DPT=45690 WINDOW=0 RES=0x00 RST URGP=0 # > > I would be more worried about the port: 45690 > > The only trace I could find is: > > AEON > stratum+tcp://aeon.pool.minergate.com:45690 > > The good thing is that your firewall blocked it ;-) > > If you don't want those messages in your logs, my > understanding is that > replacing this: > > ufw logging medium > > with this: > > ufw logging low > > will stop them. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Hai, And update on this, a reply to myself in the hope someone knows or is able to verify the findings below. I've changed my rule sets a bit and i've tracked down the following. I notice a pattern. This is a repeat of 1x per hour, exact 1 hour. (+- 1-2 seconds) SRC = a AD-DC. DST = the member [UFW AUDIT INVALID] IN=eno1 OUT= SRC=192.168.x.1 DST=192.168.x.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=389 DPT=34298 WINDOW=0 RES=0x00 RST URGP=0 [UFW BLOCK] IN=eno1 OUT= SRC=192.168.x.1 DST=192.168.x.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=389 DPT=34298 WINDOW=0 RES=0x00 RST URGP=0 And this is once every hour and can be any DC. I needed to change the dynamic port ranges due some there software im running also. # IN to member server ufw allow in proto tcp from 192.168.x.1 port 389,1024:65535 to any port 1024:65535 ufw allow in proto tcp from 192.168.x.2 port 389,1024:65535 to any port 1024:65535 # Out to DC1 ufw allow out proto udp from any port 1024:65535 to 192.168.x.1 port 137,138 ufw allow out proto tcp from any port 1024:65535 to 192.168.x.1 port 135,139,445,636,3268,3269 ufw allow out proto udp from any port 53,1024:65535 to 192.168.x.1 port 53,88,123,389,464,1024:65535 ufw allow out proto tcp from any port 53,1024:65535 to 192.168.x.1 port 53,88,123,389,464,1024:65535 # Out to DC2 ufw allow out proto udp from any port 1024:65535 to 192.168.x.2 port 137,138 ufw allow out proto tcp from any port 1024:65535 to 192.168.x.2 port 135,139,445,636,3268,3269 ufw allow out proto udp from any port 53,1024:65535 to 192.168.x.2 port 53,88,123,389,464,1024:65535 ufw allow out proto tcp from any port 53,1024:65535 to 192.168.x.2 port 53,88,123,389,464,1024:65535 # In to Member, Allow fileshare access. ufw allow in on eno1 proto tcp from 192.168.x.0/24 to any port 139,445 #ufw allow in on eno1 proto udp from 192.168.x.0/24 to any port 137,138 So im my opionion, it might be a normal thing here, i've notice 2 things if you use ufw as firewall. Iptables and conntracking and the changing request to/from the DC's are giving the : [UFW AUDIT INVALID] and [UFW BLOCK] If you dont use the authentication of samba for a while, and you run : id username. You see the same block and a full set of new request to/from AD, without UFW blocking things. Which make me think its a normal thing. Anyone suggestions opinions on this or can someone verify this asumption? I've tested this with iptables (1.6.0+snapshot20161117-6) and (1.8.2-2) and Ufw 0.35-4 and 0.35-6 Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > L.P.H. van Belle via samba > Verzonden: woensdag 5 december 2018 8:36 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Samba and firewalling > > Hai, well, at least you did an attempt.. > > No, there are no crypto miner running in the office here. > And yes, i know i can set the logging to low to make it > disappear, but i would like to know what exact happens. > > I dont understand why, when i use id username i see these > firewall lines. > And id does work, even with these log lines. > > So im hoping on a next reply but thanks Rowland for the attemp :-) > > Greetz, > > Louis > > > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Rowland Penny via samba > > Verzonden: dinsdag 4 december 2018 17:04 > > Aan: samba at lists.samba.org > > Onderwerp: Re: [Samba] Samba and firewalling > > > > On Tue, 4 Dec 2018 15:53:29 +0100 > > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > > > > > Hai, > > > > > > Just a questions, this might be a bug, might not, but for > this one i > > > need some help. > > > Setup, debian 9. > > > > > > Member server samba 4.9.3 > > > AD DC servers samba 4.8.7 > > > > > > Im setting up the member with a very tight firewall, so nothing > > > in/our/routed unless its defined. Im using UFW firewall for it. > > > > > > I notice the following in my member its firewall logs, > and this only > > > happend when i run : id or getent passwd wbinfo -u ( any wbinfo > > > command ) no INVALID/BLOCKED in the logs. > > > And any other thing thats configured, what im testing, as > i see, no > > > problems at all. Everything works as it should im only not > > happy with > > > the lines UFW AUDIT INVALID and BLOCK. And i cant stand i > > cant figure > > > this out, or at least i'm not sure of. > > > > > > IP : .100 is the member > > > IP: .1 and .2 are DC1 and DC2. > > > > > > The Log part. > > > # The request out to DC2. > > > Dec 4 14:52:05 kernel: [969364.260134] [UFW AUDIT] IN= OUT=eno1 > > > SRC=192.168.0.100 DST=192.168.0.2 LEN=419 TOS=0x00 > PREC=0x00 TTL=64 > > > ID=19101 DF PROTO=TCP SPT=45690 DPT=389 WINDOW=452 > RES=0x00 ACK PSH > > > URGP=0 Dec 4 14:52:05 kernel: [969364.260257] [UFW AUDIT] IN> > > OUT=eno1 SRC=192.168.0.100 DST=192.168.0.2 LEN=52 > TOS=0x00 PREC=0x00 > > > TTL=64 ID=19102 DF PROTO=TCP SPT=45690 DPT=389 WINDOW=452 RES=0x00 > > > ACK FIN URGP=0 ## DC2 gets invalid and blocked. Dec 4 14:52:05 > > > kernel: [969364.260373] [UFW AUDIT INVALID] IN=eno1 OUT> > > SRC=192.168.0.2 DST=192.168.0.100 LEN=40 TOS=0x00 PREC=0x00 TTL=64 > > > ID=0 DF PROTO=TCP SPT=389 DPT=45690 WINDOW=0 RES=0x00 RST > URGP=0 Dec > > > 4 14:52:05 kernel: [969364.260386] [UFW BLOCK] IN=eno1 OUT> > > SRC=192.168.0.2 DST=192.168.0.100 LEN=40 TOS=0x00 PREC=0x00 TTL=64 > > > ID=0 DF PROTO=TCP SPT=389 DPT=45690 WINDOW=0 RES=0x00 RST URGP=0 # > > > > I would be more worried about the port: 45690 > > > > The only trace I could find is: > > > > AEON > > stratum+tcp://aeon.pool.minergate.com:45690 > > > > The good thing is that your firewall blocked it ;-) > > > > If you don't want those messages in your logs, my > > understanding is that > > replacing this: > > > > ufw logging medium > > > > with this: > > > > ufw logging low > > > > will stop them. > > > > Rowland > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >