[Samba] Blocking internet access to Samba
Andrew Bartlett
abartlet at samba.org
Wed Oct 30 20:54:00 GMT 2002
Kaleb Pederson wrote:
>
> Yes, that's definitely coming from a different subnet.
>
> iptables handles it just fine if configured well. I use something like:
>
> -A INPUT # if coming from local subnet # -j localnet
> -A INPUT # if coming from external source # -j badnet
>
> -A badnet -p tcp -m tcp --dport 22 -j ACCEPT
> -A badnet -j DROP
>
> -A localnet -p tcp -m tcp --dport 22 -j ACCEPT
> -A localnet -p tcp -m tcp --dport 80 -j ACCEPT
> -A localnet -j samba
> -A localnet -j DROP
>
> -A samba -p tcp -m tcp --dport 139 -j ACCEPT
> -A samba -p udp -m udp --dport 137 -j ACCEPT
> -A samba -p udp -m udp --dport 138 -j ACCEPT
> -A samba -p tcp -m tcp --dport 901 -j ACCEPT # for swat
And tcp 445, the new port that Win2k (and hence Samba 3.0) now uses.
(Netbiosless SMB/CIFS)
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
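
Added example (not part of the original messages or of Samba's own code): a small shell check that reads iptables-save style rules and lists which of the SMB-related ports named in this thread have no ACCEPT rule in a given chain. The function name, variables and sample rules are constructed for illustration; the sample repeats the quoted samba chain.

```shell
#!/bin/sh
# Ports discussed in the thread: NetBIOS name (udp/137), datagram (udp/138),
# session (tcp/139), plus NetBIOS-less SMB (tcp/445) from the reply.
SMB_PORTS="udp/137 udp/138 tcp/139 tcp/445"

# missing_smb_ports CHAIN  (ruleset on stdin, iptables-save "-A ..." syntax)
# Prints the proto/port pairs from SMB_PORTS that CHAIN does not ACCEPT.
# Assumption: one port per rule via --dport; multiport and port ranges
# are not interpreted.
missing_smb_ports() {
    chain=$1
    rules=$(cat)
    missing=""
    for pp in $SMB_PORTS; do
        proto=${pp%/*}
        port=${pp#*/}
        pattern="^-A ${chain}( .*)? -p ${proto}( .*)? --dport ${port}( .*)? -j ACCEPT"
        if ! printf '%s\n' "$rules" | grep -Eq -- "$pattern"; then
            missing="$missing $pp"
        fi
    done
    echo "${missing# }"
}

# Constructed sample: the samba chain as quoted in the message above.
QUOTED_SAMBA_CHAIN='-A samba -p tcp -m tcp --dport 139 -j ACCEPT
-A samba -p udp -m udp --dport 137 -j ACCEPT
-A samba -p udp -m udp --dport 138 -j ACCEPT
-A samba -p tcp -m tcp --dport 901 -j ACCEPT'

# Constructed sample: the same chain with the tcp/445 rule from the reply.
FIXED_SAMBA_CHAIN="$QUOTED_SAMBA_CHAIN
-A samba -p tcp -m tcp --dport 445 -j ACCEPT"

printf '%s\n' "$QUOTED_SAMBA_CHAIN" | missing_smb_ports samba   # prints: tcp/445
printf '%s\n' "$FIXED_SAMBA_CHAIN"  | missing_smb_ports samba   # prints an empty line
```

For the chain that serves the local subnet the output should be empty; for the chain that handles external traffic all four ports should be listed.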