Unwanted browse lists

Peter H. Lemieux phl at cyways.com
Tue Oct 6 18:24:16 GMT 1998


One approach that hasn't been suggested is to block access to the netbios
nameservice port on the samba host with a firewalling rule.  That way the
other computers on the subnet can't register themselves with nmbd.

Suppose that your internal network is all within the
network.  Each Windows workstation will automatically announce itself with
a udp packet broadcast to on port 137.  So if your OS
supports firewalling you can just write a deny rule for packets that meet
those criteria.

For instance, using Linux, I can write the following rule:

ipfwadm -I -a deny -S -D 137 -P udp

which drops all packets destined for the udp netbios-ns port at 137.  Of
course, you could enable specific machines to be listed by adding
additional rules above this one.  If, for instance, you wanted the machine
at to appear in Network Neighborhood, you'd add the rule:

ipfwadm -I -a accept -S -D 137 -P udp 

before the general deny rule above.



Peter H. Lemieux				Voice:	(800) 5-CYWAYS	
CYWAYS, Incorporated					(+1 617 796 8995)
19 Westchester Road				Fax:	(617) 796-8997
Newton, Massachusetts 02458-2519 USA		Web:    http://www.cyways.com

More information about the samba mailing list