Unwanted browse lists

Peter H. Lemieux phl at cyways.com
Tue Oct 6 18:24:16 GMT 1998


Michel,

One approach that hasn't been suggested is to block access to the netbios
nameservice port on the samba host with a firewalling rule.  That way the
other computers on the subnet can't register themselves with nmbd.

Suppose that your internal network is all within the 192.168.15.0/24
network.  Each Windows workstation will automatically announce itself with
a udp packet broadcast to 192.168.15.255 on port 137.  So if your OS
supports firewalling you can just write a deny rule for packets that meet
those criteria.

For instance, using Linux, I can write the following rule:

ipfwadm -I -a deny -S 192.168.15.0/24 -D 192.168.15.255 137 -P udp

which drops all packets destined for the udp netbios-ns port at 137.  Of
course, you could enable specific machines to be listed by adding
additional rules above this one.  If, for instance, you wanted the machine
at 192.168.15.1 to appear in Network Neighborhood, you'd add the rule:

ipfwadm -I -a accept -S 192.168.15.1 -D 192.168.15.255 137 -P udp 

before the general deny rule above.

Peter


-----

Peter H. Lemieux				Voice:	(800) 5-CYWAYS	
CYWAYS, Incorporated					(+1 617 796 8995)
19 Westchester Road				Fax:	(617) 796-8997
Newton, Massachusetts 02458-2519 USA		Web:    http://www.cyways.com
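
An added example, not part of the original post: ipfwadm was superseded by ipchains and then iptables on later Linux kernels, so this script emits the iptables form of the two rules in the message, with the per-host accept rules ahead of the subnet-wide drop. The function name nbns_rules and the APPLY switch are hypothetical, and the addresses are the sample values from the post.

```shell
#!/bin/sh
# Added example (not from the original post): generate iptables rules that
# mirror the ipfwadm rules in the message. Rules are matched in order, so
# every per-host ACCEPT must be appended before the subnet-wide DROP.

SUBNET="192.168.15.0/24"   # sample internal network from the post
BCAST="192.168.15.255"     # its broadcast address
PORT=137                   # netbios-ns

# nbns_rules HOST... : print one iptables command per line.
# HOSTs are the machines allowed to announce themselves (hypothetical helper).
nbns_rules() {
    # Validate every argument first so a bad entry yields no partial rule set
    # and nothing unexpected is ever handed to a shell.
    for host in "$@"; do
        case "$host" in
            ""|*[!0-9.]*)
                echo "nbns_rules: not a dotted-quad address: '$host'" >&2
                return 1 ;;
        esac
    done
    for host in "$@"; do
        echo "iptables -A INPUT -p udp -s $host -d $BCAST --dport $PORT -j ACCEPT"
    done
    # General rule last: silently drop name-service broadcasts from the subnet.
    echo "iptables -A INPUT -p udp -s $SUBNET -d $BCAST --dport $PORT -j DROP"
}

# Print the rules for review by default; apply them only when APPLY=1
# (needs root, and assumes no earlier INPUT rule already matches this traffic).
if [ "${APPLY:-0}" = "1" ]; then
    nbns_rules 192.168.15.1 | sh -e
else
    nbns_rules 192.168.15.1
fi
```
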


