-
Notifications
You must be signed in to change notification settings - Fork 4
/
iptables-allow-samba
executable file
·156 lines (130 loc) · 4.32 KB
/
iptables-allow-samba
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
#!/usr/bin/env python
# Configure iptables (the Linux firewall) to allow network traffic for some well known programs:
# iptables-allow-samba [-i interface]: allow Samba network traffic
# iptables-allow-ssh [-i interface]: allow SSH network traffic
# iptables-allow-mdns [-i interface]: allow mDNS network traffic
import sys
import os
import subprocess
import optparse
# Samba (see "Using a firewall" in http://www.samba.org/samba/docs/server_security.html):
# https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-samba.html
SAMBA_PORTS = [
('tcp', 135), # used by smbd
('udp', 137), # used by nmbd
('udp', 138), # used by nmbd
('tcp', 139), # used by smbd
('tcp', 445), # used by smbd
]
SSH_PORTS = [
('tcp', 22),
]
# mDNS, a.k.a. zefroconf is implemented by Avahi under Linux
# and by Bonjour in Apple products.
MDNS_PORTS = [
('udp', 5353),
]
# DAAP (Digital Audio Access Protocol) is used by iTunes and other music players
DAAP_PORTS = [
('tcp', 3689),
]
NFSv4_PORTS = [
('tcp', 2049),
]
HTTP_PORTS = [
('tcp', 80),
]
SOUNDWIRE_PORTS = [
('udp', 59010),
('udp', 59011),
]
# https://support.steampowered.com/kb_article.php?ref=3629-RIAV-1617<Paste>
# "What network ports does streaming use?
# Streaming uses UDP ports 27031 and 27036 and TCP ports 27036 and 27037.
# Please make sure Steam can listen on these ports in your firewall software."
STEAM_PORTS = [
('udp', 27031),
('udp', 27036),
('tcp', 27036),
('tcp', 27037),
]
# TODO: DLNA?
def iptables_allow(ports, interface=None):
cmd = [ 'sudo', 'iptables' ]
if interface is not None:
cmd.extend([ '-i', interface ])
for (tcp_udp, dport) in ports:
subprocess.check_call(cmd + ['-I', 'INPUT', '1',
'-p', tcp_udp, '--dport', '%d' % (dport,), '-j', 'ACCEPT'])
main_function_map = {}
def main_function(func):
global main_function_map
main_function_map[func.__name__.replace('_','-')] = func
return func
@main_function
def iptables_allow_samba(args):
op = optparse.OptionParser(option_list = [
optparse.Option('-i', '--interface', default=None),
])
(options, args) = op.parse_args(args)
iptables_allow(SAMBA_PORTS, options.interface)
@main_function
def iptables_allow_ssh(args):
op = optparse.OptionParser(option_list = [
optparse.Option('-i', '--interface', default=None),
])
(options, args) = op.parse_args(args)
iptables_allow(SSH_PORTS, options.interface)
@main_function
def iptables_allow_mdns(args):
op = optparse.OptionParser(option_list = [
optparse.Option('-i', '--interface', default=None),
])
(options, args) = op.parse_args(args)
iptables_allow(MDNS_PORTS, options.interface)
@main_function
def iptables_allow_daap(args):
op = optparse.OptionParser(option_list = [
optparse.Option('-i', '--interface', default=None),
])
(options, args) = op.parse_args(args)
iptables_allow(DAAP_PORTS, options.interface)
@main_function
def iptables_allow_nfsv4(args):
op = optparse.OptionParser(option_list = [
optparse.Option('-i', '--interface', default=None),
])
(options, args) = op.parse_args(args)
iptables_allow(NFSv4_PORTS, options.interface)
@main_function
def iptables_allow_http(args):
op = optparse.OptionParser(option_list = [
optparse.Option('-i', '--interface', default=None),
])
(options, args) = op.parse_args(args)
iptables_allow(HTTP_PORTS, options.interface)
@main_function
def iptables_allow_soundwire(args):
op = optparse.OptionParser(option_list = [
optparse.Option('-i', '--interface', default=None),
])
(options, args) = op.parse_args(args)
iptables_allow(SOUNDWIRE_PORTS, options.interface)
@main_function
def iptables_allow_steam(args):
op = optparse.OptionParser(option_list = [
optparse.Option('-i', '--interface', default=None),
])
(options, args) = op.parse_args(args)
iptables_allow(STEAM_PORTS, options.interface)
def main_function_dispatch(name, args):
try:
f = main_function_map[name]
except KeyError:
sys.stderr.write('%s is not a valid command name\n' % (name,))
sys.exit(2)
f(args)
def program_name():
return os.path.basename(sys.argv[0])
if __name__ == '__main__':
main_function_dispatch(program_name(), sys.argv[1:])