I set up iptables along with here. I thought I wouldn't be able to connect to the shared directory in Garuda Linux from Windows with Samba, which was installed in Garuda before, because I hadn't put any settings into iptables allowing Samba to work. But I could.
It confused me. So I decided to test whether iptables works. I changed all policies to DROP.
$ sudo iptables --flush
$ sudo iptables -P INPUT DROP
$ sudo iptables -P OUTPUT DROP
$ sudo iptables -P FORWARD DROP
$ sudo iptables -nvL --line-numbers
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 14 packets, 1114 bytes)
num pkts bytes target prot opt in out source destination
Chain TCP (0 references)
num pkts bytes target prot opt in out source destination
Chain UDP (0 references)
num pkts bytes target prot opt in out source destination
But I can still access the files in the shared directory from Windows. I can even make new files, edit, save and delete them.
The all-DROP iptables blocks ping from Windows. So I can't understand why Samba can still communicate with Windows. I'm not sure whose bug this is, Garuda's or Samba's.
I think you may have some leftover user chain, try as root or sudo:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -F
iptables -X
If you will not use smb/nmb, you can disable it instead. As you may already know, if it is just a case of blocking incoming smb requests, you may find ufw easier to understand than iptables.
Thanks for the advice guys. I succeeded in controlling the Samba connection using ufw. Here are the steps I tried.
(root or sudo)
ufw enable
ufw default DENY # samba is disconnected here
ufw allow 137:138/udp
ufw allow 139,445/tcp # samba reconnects here
I ran iptables -nL after this and it showed a lot of lines. iptables is more complicated than I had expected. Maybe the settings I made were not enough.
My first purpose was to make my Garuda more secure. So I started to set up iptables following the Arch Wiki and I wanted to check if my settings work. Samba was the only software that accepted connections from outside of Garuda then. That's why I used it.
I don't wanna block samba, but just wanna test iptables to ensure my garuda gets secure. I'm gonna use ufw to set up security settings.
Anyway, thanks guys!
@perewa I tried that but the connection was still maintained. I understood Samba uses a secret way to connect with Windows, like avoiding the iptables policy lol. (I know ufw just wraps iptables' commands. But this issue goes beyond my understanding!)
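
An added example, not part of any post in this thread: a shell check that reads `iptables -S` output and reports the INPUT policy and whether an ACCEPT rule names each of the Samba ports opened in the ufw steps above (137:138/udp and 139,445/tcp). The sample ruleset and the function names are constructed for illustration; the check only looks for explicit ACCEPT rules and does not evaluate rule order or connection-tracking rules.

```shell
# Added example: audit `iptables -S` output for the Samba ports from this thread.
# SAMPLE_RULES is constructed; on a live host pipe in `sudo iptables -S` instead.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-user-input
-A INPUT -j ufw-user-input
-A ufw-user-input -p udp -m multiport --dports 137:138 -j ACCEPT
-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT'

# chain_policy CHAIN: print the default policy of a built-in chain (rules on stdin).
chain_policy() {
    awk -v c="$1" '$1 == "-P" && $2 == c { print $3 }'
}

# port_allowed PROTO PORT: succeed if an ACCEPT rule for PROTO names PORT, either
# as --dport N or inside a --dports list or range (a,b or lo:hi).
port_allowed() {
    awk -v proto="$1" -v port="$2" '
        $1 != "-A" { next }
        {
            p = ""; spec = ""; target = ""
            for (i = 2; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (p != proto || target != "ACCEPT" || spec == "") next
            n = split(spec, parts, ",")
            for (k = 1; k <= n; k++) {
                m = split(parts[k], r, ":")
                lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# smb_report: print the INPUT policy and SMB port coverage for rules on stdin.
smb_report() {
    rules=$(cat)
    echo "INPUT policy: $(printf '%s\n' "$rules" | chain_policy INPUT)"
    for pp in udp/137 udp/138 tcp/139 tcp/445; do
        if printf '%s\n' "$rules" | port_allowed "${pp%/*}" "${pp#*/}"; then
            echo "$pp allowed"; else echo "$pp no-accept-rule"; fi
    done
}
printf '%s\n' "$SAMPLE_RULES" | smb_report
```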