Unwanted browse lists
Peter H. Lemieux
phl at cyways.com
Tue Oct 6 18:24:16 GMT 1998
Michel,
One approach that hasn't been suggested is to block access to the netbios
nameservice port on the samba host with a firewalling rule. That way the
other computers on the subnet can't register themselves with nmbd.
Suppose that your internal network is all within the 192.168.15.0/24
network. Each Windows workstation will automatically announce itself with
a udp packet broadcast to 192.168.15.255 on port 137. So if your OS
supports firewalling you can just write a deny rule for packets that meet
those criteria.
For instance, using Linux, I can write the following rule:
ipfwadm -I -a deny -S 192.168.15.0/24 -D 192.168.15.255 137 -P udp
which drops all packets destined for the udp netbios-ns port at 137. Of
course, you could enable specific machines to be listed by adding
additional rules above this one. If, for instance, you wanted the machine
at 192.168.15.1 to appear in Network Neighborhood, you'd add the rule:
ipfwadm -I -a accept -S 192.168.15.1 -D 192.168.15.255 137 -P udp
before the general deny rule above.
Peter
-----
Peter H. Lemieux Voice: (800) 5-CYWAYS
CYWAYS, Incorporated (+1 617 796 8995)
19 Westchester Road Fax: (617) 796-8997
Newton, Massachusetts 02458-2519 USA Web: http://www.cyways.com
More information about the samba
mailing list