Table of Contents
Introduction
SMB (Server Message Block) is widely used for network file sharing on Linux, Windows, and macOS environments. However, exposing SMB ports without a proper firewall configuration poses significant security risks. One of the most fundamental layers of defense for any Linux-based system within an SMB environment is a well-configured firewall.
While Linux offers powerful firewall capabilities through iptables
, its complexity can be daunting for many. This is where UFW (Uncomplicated Firewall) comes to the rescue. UFW provides a user-friendly interface to manage iptables
rules, making it accessible even for those without deep firewall expertise, while still offering the power needed to protect your SMB’s Linux servers and workstations.
In this guide, we’ll walk through configuring UFW (Uncomplicated Firewall) on Linux to securely allow SMB traffic specifically over ports 445 and 139.
What is UFW?
UFW is a user-friendly front-end for iptables, the built-in firewall in most Linux distributions. It simplifies firewall management using straightforward commands to allow or deny traffic.
Which Ports Does SMB Use?
SMB uses the following default ports:
Port 445 – SMB over TCP (direct communication)
Port 139 – SMB over NetBIOS (legacy support)
To allow SMB, both may need to be opened, depending on your environment.
Step-by-Step: Configuring UFW for SMB
Check if UFW is Installed.
sudo ufw status
If not installed.
sudo apt install ufw
Enable UFW
sudo ufw enable
Allow SMB Traffic.
sudo ufw allow 445/tcp
sudo ufw allow 139/tcp
Optional: You can also restrict access to internal subnets only for better security.
sudo ufw allow from 192.168.1.0/24 to any port 445 proto tcp
Check Status
sudo ufw status verbose
How to Block SMB Ports (445/139)
To completely block SMB traffic:
sudo ufw deny 445/tcp
sudo ufw deny 139/tcp
This is essential for systems that do not require SMB services.
Alternatives to SMB for File Sharing
SFTP (SSH File Transfer Protocol)
NFS (Network File System)
rsync over SSH
These offer more secure and encrypted alternatives to SMB.
Conclusion
Configuring UFW is a straightforward yet highly effective step in bolstering the security posture of your SMB’s Linux infrastructure. By following these guidelines, you can significantly reduce your exposure to cyber threats, ensuring that your valuable data and services remain protected. Start implementing UFW today and give your business the foundational security it deserves.
- Design