Configuring Linux Firewall with UFW for SMB


Introduction

SMB (Server Message Block) is widely used for network file sharing on Linux, Windows, and macOS environments. However, exposing SMB ports without a proper firewall configuration poses significant security risks. In this guide, we’ll walk through configuring UFW (Uncomplicated Firewall) on Linux to securely allow SMB traffic—specifically over ports 445 and 139.

What is UFW?

UFW is a user-friendly front-end for iptables, the built-in firewall in most Linux distributions. It simplifies firewall management using straightforward commands to allow or deny traffic.

Which Ports Does SMB Use?

SMB uses the following default ports:

Port 445 – SMB over TCP (direct communication)

Port 139 – SMB over NetBIOS (legacy support)

To allow SMB, both may need to be opened, depending on your environment.

Step-by-Step: Configuring UFW for SMB

Check if UFW is Installed

sudo ufw status

If it is not installed:

sudo apt install ufw

Enable UFW

sudo ufw enable

Allow SMB Traffic

sudo ufw allow 445/tcp
sudo ufw allow 139/tcp

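Optional: For better security, you can restrict access to internal subnets only. Use this rule in place of the open rule for the port; if both are present, the port stays reachable from any address.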

sudo ufw allow from 192.168.1.0/24 to any port 445 proto tcp

Check Status

sudo ufw status verbose
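
To check the result of the steps above without reading the table by eye, the following added example (not part of the original guide) parses `ufw status` output and lists every inbound rule that allows port 139 or 445 from Anywhere. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SMB rules in `ufw status` output that accept any source.

# Constructed sample of `sudo ufw status verbose` output (not from a real host).
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
445/tcp                    ALLOW IN    192.168.1.0/24
139/tcp                    ALLOW IN    Anywhere
445/tcp (v6)               ALLOW IN    Anywhere (v6)
EOF
}

# Reads ufw status text on stdin. Prints one line per inbound ALLOW rule for
# port 139 or 445 whose source is Anywhere; returns 1 if it printed anything.
# Handles rules listed by port number (single port or comma list) only.
smb_open_rules() {
    awk '
        /^Status: inactive/ { print "ufw is inactive, no rules enforced"; bad = 1 }
        $1 == "--" { in_rules = 1; next }   # rule table starts below the dashes
        !in_rules || NF == 0 { next }
        {
            split($1, pp, "/")              # "445/tcp" -> "445", "tcp"
            n = split(pp[1], ports, ",")    # "139,445" -> two ports
            smb = 0
            for (i = 1; i <= n; i++)
                if (ports[i] == "445" || ports[i] == "139") smb = 1
            if (!smb || $0 !~ /ALLOW( IN)? +Anywhere/) next
            src = ($0 ~ /Anywhere \(v6\)/) ? "Anywhere (v6)" : "Anywhere"
            print $1 " allowed from " src
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Usage on a live host: sudo ufw status verbose | smb_open_rules
sample_status | smb_open_rules || echo "SMB is allowed from any source address"
```

In the sample, the rule limited to 192.168.1.0/24 passes, while the 139/tcp rule and the IPv6 445/tcp rule are reported because they accept any source.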

How to Block SMB Ports (445/139)

To completely block SMB traffic:

sudo ufw deny 445/tcp
sudo ufw deny 139/tcp

This is essential for systems that do not require SMB services.

Alternatives to SMB for File Sharing

SFTP (SSH File Transfer Protocol)

NFS (Network File System)

rsync over SSH

These offer more secure and encrypted alternatives to SMB.

Conclusion

Configuring your Linux firewall using UFW is a straightforward yet powerful step in securing SMB traffic. Whether you’re managing internal file sharing or hardening a server, controlling SMB ports (445/139) through UFW improves both visibility and security.
