iptables OUTPUT rules for Samba connections

[Elias137]

Could anybody help me with Samba rules for the iptables OUTPUT chain? I have a paranoia, so default policy for my OUTPUT chain is DROP. I want control everything is going on within inside my computer and what's going outside. Unfortunately I couldn't figure out OUTPUT rules for Samba connections. I've tried hundreds combinations, but had no luck. The INPUT is below and it works fine, if my OUTPUT policy set to ACCEPT.

-A INPUT -p tcp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -p udp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -p udp -m multiport --dports 137,138 -j ACCEPT

[Lazydog]

iptables -A INPUT -i eth0 -p tcp --sport 137:139 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 137:139 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 445 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 445 -j ACCEPT

[Elias137]

Well, thank you in anyway but I miss the OUTPUT chain policy rules.

[Lazydog]

If you setup your firewall to be stateful you would not have to worry about the output rule.

for example:

Code:

iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 137:139 -m state --state NEW -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 137:139 -m state --state NEW -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 445 -m state --state NEW -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 445 -m state --state NEW -j ACCEPT     
iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT