LinuxSecurity

Configuring Linux Firewall with UFW for SMB

By vmorecloud
2,981

Introduction

SMB (Server Message Block) is widely used for network file sharing on Linux, Windows, and macOS environments. However, exposing SMB ports without a proper firewall configuration poses significant security risks. One of the most fundamental layers of defense for any Linux-based system within an SMB environment is a well-configured firewall.

While Linux offers powerful firewall capabilities through iptables, its complexity can be daunting for many. This is where UFW (Uncomplicated Firewall) comes to the rescue. UFW provides a user-friendly interface to manage iptables rules, making it accessible even for those without deep firewall expertise, while still offering the power needed to protect your SMB’s Linux servers and workstations.

In this guide, we’ll walk through configuring UFW (Uncomplicated Firewall) on Linux to securely allow SMB traffic specifically over ports 445 and 139.

What is UFW?

UFW is a user-friendly front-end for iptables, the built-in firewall in most Linux distributions. It simplifies firewall management using straightforward commands to allow or deny traffic.

Which Ports Does SMB Use?

SMB uses the following default ports:

Port 445 – SMB over TCP (direct communication)

Port 139 – SMB over NetBIOS (legacy support)

To allow SMB, both may need to be opened, depending on your environment.

Step-by-Step: Configuring UFW for SMB

Check if UFW is Installed.

sudo ufw status

If not installed. 

sudo apt install ufw

Enable UFW

sudo ufw enable

Allow SMB Traffic.

sudo ufw allow 445/tcp
sudo ufw allow 139/tcp

Optional: You can also restrict access to internal subnets only for better security.

sudo ufw allow from 192.168.1.0/24 to any port 445 proto tcp

Check Status

sudo ufw status verbose

How to Block SMB Ports (445/139)

To completely block SMB traffic:

sudo ufw deny 445/tcp
sudo ufw deny 139/tcp

This is essential for systems that do not require SMB services.

Alternatives to SMB for File Sharing

SFTP (SSH File Transfer Protocol)

NFS (Network File System)

rsync over SSH

These offer more secure and encrypted alternatives to SMB.

Conclusion

Configuring UFW is a straightforward yet highly effective step in bolstering the security posture of your SMB’s Linux infrastructure. By following these guidelines, you can significantly reduce your exposure to cyber threats, ensuring that your valuable data and services remain protected. Start implementing UFW today and give your business the foundational security it deserves.

80%
Awesome
  • Design
vmorecloud 396 posts 4 comments
You might also like More from author
Leave A Reply

Your email address will not be published.

Verified by MonsterInsights