Displaying 20 results from an estimated 9000 matches similar to: "firewalld services to open for an ADDC"
2018 Feb 13
5
firewalld services to open for an ADDC
Hai,
If you use that or the AD, then it's incomplete, imo.
You're missing ldaps (636) and the GC (ssl) (3268/3269) ports and maybe NTP (123/tcp) if installed.
Maybe you don't need them, just an observation.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Jeff
> Sadowski via samba
> Sent: Tuesday, 13 February 2018
2018 Feb 13
1
firewalld services to open for an ADDC
On Mon, Feb 12, 2018 at 11:50 PM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
> Hi Jeff,
>
> On 13.02.2018 at 05:16, Jeff Sadowski via samba wrote:
>> So my question is what services or ports am I missing to open?
>
> AD DCs:
> https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
perfect exactly what I was looking for
I found some docs about firewalld that
2018 Feb 13
0
firewalld services to open for an ADDC
On Tue, Feb 13, 2018 at 8:30 AM, L.P.H. van Belle via samba
<samba at lists.samba.org> wrote:
> Hai,
>
> If you use that or the AD, then it's incomplete, imo.
> You're missing ldaps (636) and the GC (ssl) (3268/3269) ports and maybe NTP (123/tcp) if installed.
> Maybe you don't need them, just an observation.
>
Oh I see I need to look at the ports in the chart not just the ones
2018 Feb 13
0
firewalld services to open for an ADDC
Hai,
Not complete yet, but functional, tested on Debian Stretch.
This is a bit what I use to set up every server.
https://raw.githubusercontent.com/thctlo/debian-scripts/master/setup-ufw.sh
Setup Ufw, in restrictive mode.
Autodetects the AD DC's.
Autodetects your mail server if MX is in the dns.
Enable/disable ipv6
Enable ping out.
Restrict logging to ufw.
More to come, but it's a
2019 Dec 11
3
centos8 :: firewalld active but tables empty
Hi! I have a minimal installation of centos8 + packages for freeipa as a
vbox vm. There is something strange with the firewall rules:
[root@ldap ~]# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
[root@ldap ~]# firewall-cmd --get-active-zones
public
  interfaces: enp0s17
[root@ldap ~]# firewall-cmd --state
running
[root@ldap ~]# firewall-cmd --zone=public
2015 Aug 27
3
Samba AD firewalld services
Progress...
On 08/27/2015 08:50 AM, L.P.H. van Belle wrote:
> After reading this thread.. and ..seeing the comments..
>
> I googled a bit around. and yes.. more than 5 sec.. ;-)
>
> I wonder why almost every "centos/redhat/rpm based" howto removes firewalld with the base iptables service
> now, I'm not "pro" systemd or con systemd, I use it but I set my
2015 Aug 27
1
Samba AD firewalld services
mDNS is not DNS
mDNS (zeroconf/avahi) (used for .local and .lan reserved tlds) is an apple thingy..
mDNS udp 5353
DNS tcp/udp 53.
Yes, dns tcp + udp.
If a dns udp package is too large it switches to tcp.
got that from wiets ( the postfix developer )
So I must believe him.. wiets is great.. ( and dutch ) :-))
Greetz,
Louis
>-----Original message-----
>From: samba
2015 Aug 27
3
Samba AD firewalld services
Oh, this really helps. See below, though.
On 08/27/2015 09:33 AM, Rowland Penny wrote:
> On 27/08/15 14:25, Robert Moskowitz wrote:
>> Progress...
>>
>> On 08/27/2015 08:50 AM, L.P.H. van Belle wrote:
>>> After reading this thread.. and ..seeing the comments..
>>>
>>> I googled a bit around. and yes.. more than 5 sec.. ;-)
>>>
2015 Nov 04
4
Server used in DOS attack on UDP port 0
Hi,
One of our AWS machines was used in a DOS attack last night and I am
looking for possible attack vectors. AWS tells me it was sending UDP port 0
traffic to a cloudflare address.
This instance had an incorrectly configured AWS security group exposing all
ports.
The server in question is a Centos 7 based FreeIPA server, OpenVPN
concentrator and DNS server.
With a brief inspection before the
2015 Aug 27
2
Samba AD firewalld services
On 27/08/15 13:50, L.P.H. van Belle wrote:
> After reading this thread.. and ..seeing the comments..
>
> I googled a bit around. and yes.. more than 5 sec.. ;-)
>
> I wonder why almost every "centos/redhat/rpm based" howto removes firewalld with the base iptables service
Now here's a funny thing, I was searching the samba wiki for 'firewall'
and found there
2015 Aug 27
9
Samba AD firewalld services
Now with firewalld, opening up ports is now 'better' done by opening
services. So what do I need, for starters it seems:
dns, dhcp, dhcpv6, samba, kerberos
Here is the list of services:
RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6
dhcpv6-client dns
ftp high-availability http https imaps ipp ipp-client ipsec kerberos
kpasswd ldap
ldaps libvirt libvirt-tls mdns mountd
2015 Aug 27
2
Samba AD firewalld services
On 08/27/2015 03:29 AM, Rowland Penny wrote:
> On 27/08/15 05:20, Robert Moskowitz wrote:
>> Now with firewalld, opening up ports is now 'better' done by opening
>> services. So what do I need, for starters it seems:
>>
>> dns, dhcp, dhcpv6, samba, kerberos
>>
>> Here is the list of services:
>>
>> RH-Satellite-6 amanda-client bacula
2015 Dec 28
1
firewalld services
I am familiar with using commands like:
firewall-cmd --permanent --add-service=http
To enable firewalld services. I am also aware that this is through xml
'scripts' in:
/usr/lib/firewalld/services/
But what I find interesting is what services are there and which are
not. I went a'lookin with:
grep "port=" /usr/lib/firewalld/services/*|more
And found some like:
2015 Aug 27
0
Samba AD firewalld services
On 27/08/15 14:25, Robert Moskowitz wrote:
> Progress...
>
> On 08/27/2015 08:50 AM, L.P.H. van Belle wrote:
>> After reading this thread.. and ..seeing the comments..
>>
>> I googled a bit around. and yes.. more than 5 sec.. ;-)
>>
>> I wonder why almost every "centos/redhat/rpm based" howto removes
>> firewalld with the base iptables
2016 Jul 29
2
Heimdal Kerberos in Samba4
correction samba-dc still doesn't come with samba-tool
On Thu, Jul 28, 2016 at 10:13 PM, Jeff Sadowski <jeff.sadowski at gmail.com>
wrote:
> I would like to start testing this? I saw a few months back Alexander
> Bokovoy Released a build for F23 and I started using that. Now that F24
> is out I have to look for a way to upgrade. Is there a build for rawhide
> with this?
2015 Aug 27
2
Samba AD firewalld services
On 27.08.2015 at 12:07, Rowland Penny wrote:
> Well, I don't think I will ever be able to help you with firewalld, it
> sounds like it has something to with systemd and I will never use that
> abortion, I may have to start using freebsd.
can you please stop your systemd-trolling or at least assume something
has to do with systemd because it has a 'd' letter in the name
2015 Nov 06
4
firewalld being stupid
Greetings,
One of my biggest frustrations with CentOS 7 has been firewalld.
Essentially all of the documentation just flat doesn't work.
One common thing that needs to be done is to change the zone of an
interface, however I've tried:
firewall-cmd --permanent --zone=internal --change-interface=ens192
firewall-cmd --permanent --zone=internal --add-interface=ens192
I've also tried
2015 Oct 11
4
Firewalld
I just noticed that when rebooting a CentOS 7 server the firewall comes back up with both interfaces set to REJECT, instead of the eth1 interface set to ACCEPT as defined in 'permanent' firewalld configuration files.
All servers are up to date.
By "just noticed" I mean that I finally investigated why a newly rebooted VM failed to allow NFS connections. Prior to doing that.
2018 Dec 14
3
Firewalld and iptables
After a recent large update, firewalld's status contains
many lines of the form:
WARNING: COMMAND_FAILED: '/usr/sbin/iptables...
Checking iptables.service status shows it to be masked.
I realize that firewalld uses iptables, but should it
be enabled and started as a service?
Jon
--
Jon H. LaBadie jcu at labadie.us
11226 South Shore Rd. (703) 787-0688 (H)
2015 May 09
2
firewalld trouble opening a port
Hey all,
I'm having a little trouble opening up a port on a C7 machine.
Here's the default zone:
[root@appd:~] #firewall-cmd --get-default-zone
home
So I try to add the port:
[root@appd:~] #firewall-cmd --zone=home --add-port=8181/tcp
success
Then I reload firewalld:
[root@appd:~] #firewall-cmd --reload
success
Simple! That should do it. Right? Well not quite.
Cuz when