[Firehol-support] Using "client all accept" isn't enough to access samba shares

Costa Tsaousis costa at tsaousis.gr
Wed Feb 25 22:49:39 GMT 2009

Laurento Frittella wrote:
>>> Hi all,
>>> if I use "client all accept" (but I've tried with "client samba accept"
>>> too) firehol still filters some useful traffic:
>>> Dec 23 17:49:52 thot IN-lan:IN=eth0 OUT=
>>> MAC=00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC= DST=
>>> LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=27951 PROTO=UDP SPT=137 DPT=48003
>>> LEN=76 
>>> (where is the samba server and my notebook running
>>> firehol)
>>> If I stop firehol (disabling all filtering) all works well. How can I
>>> solve this issue?
I am very sorry, but you cannot. Check this: 

What you can do is:

At the top of firehol.conf, define this:

# Remote CIFS, to make samba work for clients

Then, in your interface, add:

client samba accept
server rcifs accept src

Remember that this server statement opens all your high UDP ports from 
the samba server's port udp/137.

