UFW firewall still blocking SMB despite adding rules

Mike's sudo ufw allow Samba works like a charm.

I personally prefer restricting to my private subnet, so for others who like the same, use:

$ sudo ufw allow from 192.168.0.0/16 to any app Samba

Also, try running sudo ufw app list for a list of other apps you can use as shorthand for the required ports (e.g. Postfix, OpenSSH, etc.). Makes your firewall rules list a lot easier to read and maintain.


To allow Samba with ufw, use the following command:

sudo ufw allow Samba

See the links given to you by other users for additional information.


As I found no ufw profile for Samba 4, I set up my own, which worked for me (it opens the ports listed in the Samba Wiki: Ports for Samba 4 as PDC) and is easier to manage:

  1. Create a new file: /etc/ufw/applications.d/samba4 with the following content:

    [Samba4]
    title=Samba 4
    description=Samba 4 as domain controller
    ports=53|88|135/tcp|137/udp|138/udp|139/tcp|389|445/tcp|464|636/tcp|1024:5000/tcp|3268/tcp|3269/tcp|5353
    
  2. Now add it to ufw with one of the following commands:

    • sudo ufw allow from 192.168.1.0/24 to any app samba4 if you want to only allow it on your 192.168.1.0/24 network
    • sudo ufw allow samba4 if you want to allow it for every network

If you enter sudo ufw status verbose, it will output something like the following:

to                         action      from
--                         ------      ---
....
53 (Samba4)                ALLOW IN    192.168.1.0/24
88 (Samba4)                ALLOW IN    192.168.1.0/24
135/tcp (Samba4)           ALLOW IN    192.168.1.0/24
137/udp (Samba4)           ALLOW IN    192.168.1.0/24
138/udp (Samba4)           ALLOW IN    192.168.1.0/24
139/tcp (Samba4)           ALLOW IN    192.168.1.0/24
389 (Samba4)               ALLOW IN    192.168.1.0/24
445/tcp (Samba4)           ALLOW IN    192.168.1.0/24
464 (Samba4)               ALLOW IN    192.168.1.0/24
636/tcp (Samba4)           ALLOW IN    192.168.1.0/24
1024:5000/tcp (Samba4)     ALLOW IN    192.168.1.0/24
3268/tcp (Samba4)          ALLOW IN    192.168.1.0/24
3269/tcp (Samba4)          ALLOW IN    192.168.1.0/24
5353 (Samba4)              ALLOW IN    192.168.1.0/24
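
An added example (not part of the original answer, and not ufw's own code): a small Python parser that expands the ports= line of the Samba4 profile above to show exactly what it opens. It assumes ufw's documented profile syntax, where a bare port covers both TCP and UDP and a range or comma list needs an explicit protocol; the function names are made up for this illustration.

```python
import configparser

# Profile text copied from the answer above.
PROFILE = """\
[Samba4]
title=Samba 4
description=Samba 4 as domain controller
ports=53|88|135/tcp|137/udp|138/udp|139/tcp|389|445/tcp|464|636/tcp|1024:5000/tcp|3268/tcp|3269/tcp|5353
"""

def expand_ports(ports_field):
    """Expand a ufw 'ports=' value into (first, last, proto) tuples."""
    rules = []
    for entry in ports_field.split("|"):
        spec, _, proto = entry.strip().partition("/")
        if proto not in ("", "tcp", "udp"):
            raise ValueError(f"{entry!r}: unknown protocol")
        if not proto and (":" in spec or "," in spec):
            # ufw rejects ranges and comma lists without a protocol
            raise ValueError(f"{entry!r}: range or list needs /tcp or /udp")
        # A bare port such as "53" applies to both TCP and UDP.
        protos = [proto] if proto else ["tcp", "udp"]
        for part in spec.split(","):
            first, _, last = part.partition(":")
            lo, hi = int(first), int(last or first)
            if not 1 <= lo <= hi <= 65535:
                raise ValueError(f"{entry!r}: bad port number")
            rules.extend((lo, hi, p) for p in protos)
    return rules

def audit_profile(text, name):
    """Return the expanded rules and the distinct ports opened per protocol."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    rules = expand_ports(cp[name]["ports"])
    open_ports = {"tcp": set(), "udp": set()}
    for lo, hi, proto in rules:
        open_ports[proto].update(range(lo, hi + 1))
    return rules, open_ports

if __name__ == "__main__":
    rules, open_ports = audit_profile(PROFILE, "Samba4")
    for lo, hi, proto in rules:
        print(f"{lo}/{proto}" if lo == hi else f"{lo}:{hi}/{proto}")
    for proto, ports in open_ports.items():
        print(f"{proto}: {len(ports)} distinct ports")
```

For this profile the expansion shows that 3268/tcp and 3269/tcp already fall inside 1024:5000/tcp, and that each bare entry (53, 88, 389, 464, 5353) is opened on both TCP and UDP.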

Try this:

As root, open /etc/default/ufw

Look for the line like this:

IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc"

Add nf_conntrack_netbios_ns to the line so that it looks like this:

IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc nf_conntrack_netbios_ns"

Now reload the firewall:

sudo ufw reload