iptables: why are only OUTPUT rules needed for samba clients?
I tried the following iptables rules for a samba client and they worked.
Please note that the policies for INPUT, OUTPUT and FORWARD were all set to DROP.
iptables -A OUTPUT -m state --state NEW,ESTABLISHED -p udp --dport 137 -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED -p udp --dport 138 -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED -p tcp --dport 139 -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED -p tcp --dport 445 -j ACCEPT
My question is: why are only OUTPUT rules needed for samba clients?
Doesn't a samba client receive unsolicited packets from server end? Why
don't we need INPUT rules to open those ports for incoming packets?
An additional question: do the chain names carry any significance of
direction internally, or are they just mnemonics for easy understanding?