From 724115bcbfee446c4d9e969b88f50e93bca2056a Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Tue, 15 Jan 2013 13:21:37 -0800
Subject: [PATCH 1/2] Add macro.ActiveDir
Signed-off-by: Tom Eastep
---
Shorewall/Macros/macro.ActiveDir | 40 ++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 Shorewall/Macros/macro.ActiveDir
diff --git a/Shorewall/Macros/macro.ActiveDir b/Shorewall/Macros/macro.ActiveDir
new file mode 100644
index 000000000..625c44e70
--- /dev/null
+++ b/Shorewall/Macros/macro.ActiveDir
@@ -0,0 +1,40 @@
+#
+# Shorewall version 4 - Samba 4 Macro
+#
+# /usr/share/shorewall/macro.ActiveDir
+#
+# This macro handles ports for Samba 4 Active Directory Service
+#
+# You can comment out the ports you do not want open
+#
+#
+###############################################################################
+#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/
+# PORT(S) PORT(S) LIMIT GROUP
+PARAM - - tcp 389 #LDAP services
+PARAM - - udp 389
+PARAM - - tcp 636 #LDAP SSL
+PARAM - - tcp 3268 #LDAP GC
+PARAM - - tcp 3269 #LDAP GC SSL
+PARAM - - tcp 88 #Kerberos
+PARAM - - udp 88
+
+# Use macro.DNS for DNS sevice
+
+PARAM - - tcp 445 #Replication, User and Computer Authentication, Group Policy, Trusts
+PARAM - - udp 445
+
+# Use macro.SMTP for Mail service
+
+PARAM - - tcp 135 #RPC, EPM
+PARAM - - tcp 5722 #RPC, DFSR (SYSVOL)
+PARAM - - udp 123 #Windows Time
+PARAM - - tcp 464 #Kerberosb change/set password
+PARAM - - udp 464
+PARAM - - udp 138 #DFS, Group Policy
+PARAM - - tcp 9389 #SOAP
+PARAM - - tcp 2535 #MADCAP
+PARAM - - udp 2535
+PARAM - - udp 137 #NetLogon, NetBIOS Name Resolution
+PARAM - - tcp 139 #DFSN, NetBIOS Session Service, NetLogon
+
From 066c159b4d33f184ad973d28918b9d23ef56130d Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Thu, 17 Jan 2013 10:21:08 -0800
Subject: [PATCH 2/2] Provide instructions for changing DISABLE_IPV6 from Yes to No
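Review bot: Every rule in macro.ActiveDir leaves SOURCE and DEST as `-`, and the header's only guidance is "You can comment out the ports you do not want open", so nothing tells the reader that this macro opens 135, 137-139, 445 and the LDAP/Kerberos ports as one unit wherever it is invoked. I would add a header comment along the lines of `# Intended for rules between zones that hold domain members and domain controllers; do not apply it to an Internet-facing zone.` The `tcp 135` rule admits only the RPC endpoint mapper; the dynamically assigned RPC ports it refers clients to are not covered here, which the header should state so users know a further rule is needed (the range depends on the DC's configuration). Two comment typos are worth fixing in the same pass: `sevice` and `Kerberosb`.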
Signed-off-by: Tom Eastep --- Shorewall/manpages/shorewall.conf.xml | 28 +++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml index 9cbea2963..1fd5bd29a 100644 --- a/Shorewall/manpages/shorewall.conf.xml +++ b/Shorewall/manpages/shorewall.conf.xml @@ -607,6 +607,34 @@ Shorewall will take no action with respect to allowing or disallowing IPv6 traffic. If not specified or empty, “DISABLE_IPV6=No” is assumed. + + + After changing the setting from to + , you must execute the following + commands: + + + + shorewall restart + + + + ip6tables -F + + + + ip6tables -P INPUT ACCEPT + + + + ip6tables -P OUTPUT ACCEPT + + + + ip6tables -P FORWARD ACCEPT + + +