Member Avatar for shwick
shwick 0 Junior Poster in Training

Running ubuntu 8.04.

Recently I was making some iptables rules to allow samba services. As a proof of concept:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -p udp -m udp --dport 137 -m state --state NEW -j ACCEPT
iptables -A INPUT -i eth1 -p udp -m udp --dport 138 -m state --state NEW -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 139 -m state --state NEW -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 445 -m state --state NEW -j ACCEPT
iptables -P INPUT DROP

The rules worked properly. I then removed the "-m udp" part, restarted my windows machine and couldn't look at samba files.

I thought that "-p tcp" implied "-m tcp", so why doesn't "-p udp" imply "-m udp". That's why I don't have "-m tcp" on all of my rules.

I understand that "various extra command line options become available, depending on the specific module", http://iptables-tutorial.frozentux.net/other/iptables.html, but I thought all you needed to match a protocol was "-p".

  • 1 Contributor
  • 0 Replies
  • 63 Views
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.