thr3ads.net - samba - [Samba] ,Re: Samba and ufw [Feb 2019]

If this information is useful, please help other people find it:
Share via:

Martin McGlensey

2019-Feb-11 00:06 UTC

[Samba] ,Re: Samba and ufw

Louis,

Tried the rules you suggested:

These work. I think that rules out any Windows problems.
ufw insert 1 allow in on enp2s5 from 192.168.254.15 to 192.168.254.39
ufw insert 2 allow in on enp2s5 from 192.168.254.39 to 192.168.254.15

These do not work.
ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.0/24 to
192.168.254.39 port 139,445
ufw insert 2 allow in on enp2s5 proto udp from 192.168.254.0/24 to
192.168.254.39 port 137,138

Adding these does not work as well.
ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.0/24 to
192.168.254.39 port 1024:1300,49152:65535
ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.39 to
192.168.254.0/24  port 1024:1300,49152:65535

No problem logging on with the firewall disabled or when enabled with the first
two rules.

Tried adding port 135 mentioned in an internet search. No change.

Last part of /var/log/ufw.log:



martin at radio:~$ tail -n 30 /var/log/ufw.log
Feb 10 16:30:48 radio kernel: [ 3796.910381] [UFW AUDIT] IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=224.0.0.251
LEN=167 TOS=0x00 PREC=0x00 TTL=255 ID=58501 DF PROTO=UDP SPT=5353 DPT=5353
LEN=147
Feb 10 16:32:14 radio kernel: [ 3882.641181] [UFW AUDIT] IN=enp2s5 OUT=
MAC=ff:ff:ff:ff:ff:ff:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15
DST=192.168.254.255 LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=32676 PROTO=UDP
SPT=138 DPT=138 LEN=215
Feb 10 16:32:36 radio kernel: [ 3904.825197] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=45827
DF PROTO=UDP SPT=54662 DPT=137 LEN=58
Feb 10 16:32:36 radio kernel: [ 3904.825208] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=45827
DF PROTO=UDP SPT=54662 DPT=137 LEN=58
Feb 10 16:32:36 radio kernel: [ 3904.825234] [UFW AUDIT] IN=enp2s5 OUT= MAC=
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=45827
DF PROTO=UDP SPT=54662 DPT=137 LEN=58
Feb 10 16:32:36 radio kernel: [ 3904.825833] [UFW AUDIT] IN=enp2s5 OUT=
MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15
DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=27398 PROTO=UDP SPT=137
DPT=54662 LEN=70
Feb 10 16:32:36 radio kernel: [ 3904.825853] [UFW BLOCK] IN=enp2s5 OUT=
MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15
DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=27398 PROTO=UDP SPT=137
DPT=54662 LEN=70
Feb 10 16:32:37 radio kernel: [ 3905.826375] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=45984
DF PROTO=UDP SPT=48574 DPT=137 LEN=58
Feb 10 16:32:37 radio kernel: [ 3905.826387] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=45984
DF PROTO=UDP SPT=48574 DPT=137 LEN=58
Feb 10 16:32:37 radio kernel: [ 3905.826411] [UFW AUDIT] IN=enp2s5 OUT= MAC=
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=45984
DF PROTO=UDP SPT=48574 DPT=137 LEN=58
Feb 10 16:32:37 radio kernel: [ 3905.826922] [UFW AUDIT] IN=enp2s5 OUT=
MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15
DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=27401 PROTO=UDP SPT=137
DPT=48574 LEN=70
Feb 10 16:32:37 radio kernel: [ 3905.826936] [UFW BLOCK] IN=enp2s5 OUT=
MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15
DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=27401 PROTO=UDP SPT=137
DPT=48574 LEN=70
Feb 10 16:32:38 radio kernel: [ 3906.828475] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=46172
DF PROTO=UDP SPT=60219 DPT=137 LEN=58
Feb 10 16:32:38 radio kernel: [ 3906.828485] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=46172
DF PROTO=UDP SPT=60219 DPT=137 LEN=58
Feb 10 16:32:38 radio kernel: [ 3906.828511] [UFW AUDIT] IN=enp2s5 OUT= MAC=
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=46172
DF PROTO=UDP SPT=60219 DPT=137 LEN=58
Feb 10 16:33:07 radio kernel: [ 3936.009704] [UFW AUDIT] IN= OUT=lo
SRC=127.0.0.1 DST=127.0.0.53 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=17405 DF
PROTO=UDP SPT=49701 DPT=53 LEN=55
Feb 10 16:33:07 radio kernel: [ 3936.009741] [UFW AUDIT] IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.53
LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=17405 DF PROTO=UDP SPT=49701 DPT=53 LEN=55
Feb 10 16:33:07 radio kernel: [ 3936.009782] [UFW AUDIT] IN= OUT=lo
SRC=127.0.0.1 DST=127.0.0.53 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=17406 DF
PROTO=UDP SPT=49701 DPT=53 LEN=55
Feb 10 16:33:07 radio kernel: [ 3936.009795] [UFW AUDIT] IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.53
LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=17406 DF PROTO=UDP SPT=49701 DPT=53 LEN=55
Feb 10 16:33:07 radio kernel: [ 3936.010381] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.254 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=50514
DF PROTO=UDP SPT=43870 DPT=53 LEN=55
Feb 10 16:33:07 radio kernel: [ 3936.010390] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.254 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=50514
DF PROTO=UDP SPT=43870 DPT=53 LEN=55
Feb 10 16:33:08 radio kernel: [ 3937.010667] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=35.222.85.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33228 DF
PROTO=TCP SPT=40360 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 10 16:33:08 radio kernel: [ 3937.010678] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=35.222.85.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33228 DF
PROTO=TCP SPT=40360 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 10 16:34:23 radio kernel: [ 4012.052235] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=257 TOS=0x00 PREC=0x00 TTL=64
ID=52310 DF PROTO=UDP SPT=138 DPT=138 LEN=237
Feb 10 16:34:23 radio kernel: [ 4012.052245] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=257 TOS=0x00 PREC=0x00 TTL=64
ID=52310 DF PROTO=UDP SPT=138 DPT=138 LEN=237
Feb 10 16:34:23 radio kernel: [ 4012.052263] [UFW AUDIT] IN=enp2s5 OUT= MAC=
SRC=192.168.254.39 DST=192.168.254.255 LEN=257 TOS=0x00 PREC=0x00 TTL=64
ID=52310 DF PROTO=UDP SPT=138 DPT=138 LEN=237
Feb 10 16:34:23 radio kernel: [ 4012.052308] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64
ID=52311 DF PROTO=UDP SPT=138 DPT=138 LEN=215
Feb 10 16:34:23 radio kernel: [ 4012.052313] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64
ID=52311 DF PROTO=UDP SPT=138 DPT=138 LEN=215
Feb 10 16:34:23 radio kernel: [ 4012.052331] [UFW AUDIT] IN=enp2s5 OUT= MAC=
SRC=192.168.254.39 DST=192.168.254.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64
ID=52311 DF PROTO=UDP SPT=138 DPT=138 LEN=215
Feb 10 16:34:29 radio kernel: [ 4017.705758] [UFW AUDIT] IN=enp2s5 OUT=
MAC=ff:ff:ff:ff:ff:ff:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15
DST=192.168.254.255 LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=32698 PROTO=UDP
SPT=138 DPT=138 LEN=215
martin at radio:~$

Are we missing a port or protocol?

Regards,
Marty

L.P.H. van Belle

2019-Feb-11 10:25 UTC

head link

[Samba] ,Re: Samba and ufw

Hi Martin,  
> -----Oorspronkelijk bericht-----
> Van: Martin McGlensey [mailto:mmcg29440 at frontier.com] 
> Verzonden: maandag 11 februari 2019 1:06
> Aan: L.P.H. van Belle; samba at lists.samba.org
> Onderwerp: ,Re: [Samba] Samba and ufw
> 
> Louis,
> 
> Tried the rules you suggested:
> 
> These work. I think that rules out any Windows problems.
> ufw insert 1 allow in on enp2s5 from 192.168.254.15 to 192.168.254.39
> ufw insert 2 allow in on enp2s5 from 192.168.254.39 to 192.168.254.15
If these work, then correct, not a windows OR samba problem thats 100% sure.
Pure firewall problem. 
> 
> These do not work.
> ufw insert 1 allow in on enp2s5 proto tcp from 
> 192.168.254.0/24 to 192.168.254.39 port 139,445
> ufw insert 2 allow in on enp2s5 proto udp from 
> 192.168.254.0/24 to 192.168.254.39 port 137,138
> 
> Adding these does not work as well.
> ufw insert 1 allow in on enp2s5 proto tcp from 
> 192.168.254.0/24 to 192.168.254.39 port 1024:1300,49152:65535
> ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.39 
> to 192.168.254.0/24  port 1024:1300,49152:65535
> 
> No problem logging on with the firewall disabled or when 
> enabled with the first two rules.
So then theses are the problem for sure. 
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j 
LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j 
LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-output -m limit --limit 3/min --limit-burst 10 -j 
LOG --log-prefix "[UFW ALLOW] "

And 

-A ufw-before-logging-forward -m conntrack --ctstate NEW -m limit 
--limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW AUDIT] "
-A ufw-before-logging-input -m conntrack --ctstate NEW -m limit --limit 
3/min --limit-burst 10 -j LOG --log-prefix "[UFW AUDIT] "
-A ufw-before-logging-output -m conntrack --ctstate NEW -m limit --limit 
3/min --limit-burst 10 -j LOG --log-prefix "[UFW AUDIT] "


> 
> Tried adding port 135 mentioned in an internet search. No change.
> 
> Last part of /var/log/ufw.log:
> ..... (removed)... 
> 
> martin at radio:~$
> 
> Are we missing a port or protocol?
No, somehow your firewall rules dont match up. 
> 
> Regards,
> Marty
> 
I've checked my ubuntu 18.04 server, and 4 debian servers, and non of these
have these limit lines shown above.
I'm really wondering where these are coming from and all my servers run ufw
( none gufw )

What i would do no in this case, cleanup and start over, or you keep hitting
problems in the future.

Stop Disable ufw : ufw stop && ufw disable
Remove and purge ufw gufw  : apt-get remove --purge ufw gufw
Check if there are any rules left. : iptables --list-rules 
Reboot 
Check if there are any rules left. : iptables --list-rules 

If some things appear now, then something is loading rules, if thats the case
then we need to find that.
If its clean, you should see only this : 
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

Now, install mlocate : apt install mlocate or use find, whatever you preffer. 
Run : updatedb && locate ufw

Find any leftovers of ufw in :

/etc/ufw/ 
/lib/ufw/

When its really clean, install ufw again. 
Only run : 
ufw allow 22 comment "Manual NMBD"
ufw allow 137,138/udp comment "Manual NMBD
ufw allow 139,445/tcp comment "Manual CIFS/SMBD"

Try again. (nmbd) is not really needed, but he, lets fix it, you can disable it
later on if needed.

Not working, what if you add this to /etc/ufw/after.rules 
At the top, after the first filter its commit 

*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
COMMIT

Now we are only talking here about NMBD 137, what is showing blocks in the logs.
But you dont need 137/138 all get access to the share. 


Last, if you run :  systemctl status firewalld  
Any output? Or firewall-cmd --state ? 

Greetz, 

Louis

Tony Hoover

2019-Feb-12 16:19 UTC

head link

[Samba] ,Re: Samba and ufw

Microsoft has the necessary ports (TCP and UDP) spelled out at:
https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts

Scroll down for the Windows Server 2008, 2012, 2012R2 section.
But basically, you're missing NTP, Kerberos, LDAP, and DNS on your firewall
rules.


--

---  Protect personal information. The identity saved could be your own.

Tony Hoover
Kansas State University, Polytechnic campus
hoover at k-state.edu<mailto:hoover at k-state.edu>
ph:  785 826 2660
zoom: 785 826 2660

On Sun, 2019-02-10 at 19:06 -0500, Martin McGlensey via samba wrote:

Louis,


Tried the rules you suggested:


These work. I think that rules out any Windows problems.

ufw insert 1 allow in on enp2s5 from 192.168.254.15 to 192.168.254.39

ufw insert 2 allow in on enp2s5 from 192.168.254.39 to 192.168.254.15


These do not work.

ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.0/24 to
192.168.254.39 port 139,445

ufw insert 2 allow in on enp2s5 proto udp from 192.168.254.0/24 to
192.168.254.39 port 137,138


Adding these does not work as well.

ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.0/24 to
192.168.254.39 port 1024:1300,49152:65535

ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.39 to
192.168.254.0/24  port 1024:1300,49152:65535


No problem logging on with the firewall disabled or when enabled with the first
two rules.


Tried adding port 135 mentioned in an internet search. No change.


Last part of /var/log/ufw.log:




martin at radio:~$ tail -n 30 /var/log/ufw.log

Feb 10 16:30:48 radio kernel: [ 3796.910381] [UFW AUDIT] IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=224.0.0.251
LEN=167 TOS=0x00 PREC=0x00 TTL=255 ID=58501 DF PROTO=UDP SPT=5353 DPT=5353
LEN=147

Feb 10 16:32:14 radio kernel: [ 3882.641181] [UFW AUDIT] IN=enp2s5 OUT=
MAC=ff:ff:ff:ff:ff:ff:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15
DST=192.168.254.255 LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=32676 PROTO=UDP
SPT=138 DPT=138 LEN=215

Feb 10 16:32:36 radio kernel: [ 3904.825197] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=45827
DF PROTO=UDP SPT=54662 DPT=137 LEN=58

Feb 10 16:32:36 radio kernel: [ 3904.825208] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=45827
DF PROTO=UDP SPT=54662 DPT=137 LEN=58

Feb 10 16:32:36 radio kernel: [ 3904.825234] [UFW AUDIT] IN=enp2s5 OUT= MAC=
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=45827
DF PROTO=UDP SPT=54662 DPT=137 LEN=58

Feb 10 16:32:36 radio kernel: [ 3904.825833] [UFW AUDIT] IN=enp2s5 OUT=
MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15
DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=27398 PROTO=UDP SPT=137
DPT=54662 LEN=70

Feb 10 16:32:36 radio kernel: [ 3904.825853] [UFW BLOCK] IN=enp2s5 OUT=
MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15
DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=27398 PROTO=UDP SPT=137
DPT=54662 LEN=70

Feb 10 16:32:37 radio kernel: [ 3905.826375] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=45984
DF PROTO=UDP SPT=48574 DPT=137 LEN=58

Feb 10 16:32:37 radio kernel: [ 3905.826387] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=45984
DF PROTO=UDP SPT=48574 DPT=137 LEN=58

Feb 10 16:32:37 radio kernel: [ 3905.826411] [UFW AUDIT] IN=enp2s5 OUT= MAC=
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=45984
DF PROTO=UDP SPT=48574 DPT=137 LEN=58

Feb 10 16:32:37 radio kernel: [ 3905.826922] [UFW AUDIT] IN=enp2s5 OUT=
MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15
DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=27401 PROTO=UDP SPT=137
DPT=48574 LEN=70

Feb 10 16:32:37 radio kernel: [ 3905.826936] [UFW BLOCK] IN=enp2s5 OUT=
MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15
DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=27401 PROTO=UDP SPT=137
DPT=48574 LEN=70

Feb 10 16:32:38 radio kernel: [ 3906.828475] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=46172
DF PROTO=UDP SPT=60219 DPT=137 LEN=58

Feb 10 16:32:38 radio kernel: [ 3906.828485] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=46172
DF PROTO=UDP SPT=60219 DPT=137 LEN=58

Feb 10 16:32:38 radio kernel: [ 3906.828511] [UFW AUDIT] IN=enp2s5 OUT= MAC=
SRC=192.168.254.39 DST=192.168.254.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=46172
DF PROTO=UDP SPT=60219 DPT=137 LEN=58

Feb 10 16:33:07 radio kernel: [ 3936.009704] [UFW AUDIT] IN= OUT=lo
SRC=127.0.0.1 DST=127.0.0.53 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=17405 DF
PROTO=UDP SPT=49701 DPT=53 LEN=55

Feb 10 16:33:07 radio kernel: [ 3936.009741] [UFW AUDIT] IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.53
LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=17405 DF PROTO=UDP SPT=49701 DPT=53 LEN=55

Feb 10 16:33:07 radio kernel: [ 3936.009782] [UFW AUDIT] IN= OUT=lo
SRC=127.0.0.1 DST=127.0.0.53 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=17406 DF
PROTO=UDP SPT=49701 DPT=53 LEN=55

Feb 10 16:33:07 radio kernel: [ 3936.009795] [UFW AUDIT] IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.53
LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=17406 DF PROTO=UDP SPT=49701 DPT=53 LEN=55

Feb 10 16:33:07 radio kernel: [ 3936.010381] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.254 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=50514
DF PROTO=UDP SPT=43870 DPT=53 LEN=55

Feb 10 16:33:07 radio kernel: [ 3936.010390] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.254 LEN=75 TOS=0x00 PREC=0x00 TTL=64 ID=50514
DF PROTO=UDP SPT=43870 DPT=53 LEN=55

Feb 10 16:33:08 radio kernel: [ 3937.010667] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=35.222.85.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33228 DF
PROTO=TCP SPT=40360 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0

Feb 10 16:33:08 radio kernel: [ 3937.010678] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=35.222.85.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33228 DF
PROTO=TCP SPT=40360 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0

Feb 10 16:34:23 radio kernel: [ 4012.052235] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=257 TOS=0x00 PREC=0x00 TTL=64
ID=52310 DF PROTO=UDP SPT=138 DPT=138 LEN=237

Feb 10 16:34:23 radio kernel: [ 4012.052245] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=257 TOS=0x00 PREC=0x00 TTL=64
ID=52310 DF PROTO=UDP SPT=138 DPT=138 LEN=237

Feb 10 16:34:23 radio kernel: [ 4012.052263] [UFW AUDIT] IN=enp2s5 OUT= MAC=
SRC=192.168.254.39 DST=192.168.254.255 LEN=257 TOS=0x00 PREC=0x00 TTL=64
ID=52310 DF PROTO=UDP SPT=138 DPT=138 LEN=237

Feb 10 16:34:23 radio kernel: [ 4012.052308] [UFW AUDIT] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64
ID=52311 DF PROTO=UDP SPT=138 DPT=138 LEN=215

Feb 10 16:34:23 radio kernel: [ 4012.052313] [UFW ALLOW] IN= OUT=enp2s5
SRC=192.168.254.39 DST=192.168.254.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64
ID=52311 DF PROTO=UDP SPT=138 DPT=138 LEN=215

Feb 10 16:34:23 radio kernel: [ 4012.052331] [UFW AUDIT] IN=enp2s5 OUT= MAC=
SRC=192.168.254.39 DST=192.168.254.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64
ID=52311 DF PROTO=UDP SPT=138 DPT=138 LEN=215

Feb 10 16:34:29 radio kernel: [ 4017.705758] [UFW AUDIT] IN=enp2s5 OUT=
MAC=ff:ff:ff:ff:ff:ff:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15
DST=192.168.254.255 LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=32698 PROTO=UDP
SPT=138 DPT=138 LEN=215

martin at radio:~$


Are we missing a port or protocol?


Regards,

Marty

Maybe Matching Threads

Search for more maybe matching threads

samba - Feb 2019 - ,Re: Samba and ufw

[Samba] ,Re: Samba and ufw

[Samba] ,Re: Samba and ufw

[Samba] ,Re: Samba and ufw

Maybe Matching Threads