Unwanted browse lists
Michel
michel at nijenrode.nl
Tue Oct 6 20:25:54 GMT 1998
Thanks for your thoughts. But would this still allow these clients to
browse the server ?
Michel.
--
Michel van der Laan - michel at nijenrode.nl
http://www.nijenrode.nl/~michel
In your mail from 6-10-1998 you write:
> Michel,
>
> One approach that hasn't been suggested is to block access to the netbios
> nameservice port on the samba host with a firewalling rule. That way the
> other computers on the subnet can't register themselves with nmbd.
>
> Suppose that your internal network is all within the 192.168.15.0/24
> network. Each Windows workstation will automatically announce itself with
> a udp packet broadcast to 192.168.15.255 on port 137. So if your OS
> supports firewalling you can just write a deny rule for packets that meet
> those criteria.
>
> For instance, using Linux, I can write the following rule:
>
> ipfwadm -I -a deny -S 192.168.15.0/24 -D 192.168.15.255 137 -P udp
>
> which drops all packets destined for the udp netbios-ns port at 137. Of
> course, you could enable specific machines to be listed by adding
> additional rules above this one. If, for instance, you wanted the machine
> at 192.168.15.1 to appear in Network Neighborhood, you'd add the rule:
>
> ipfwadm -I -a accept -S 192.168.15.1 -D 192.168.15.255 137 -P udp
>
> before the general deny rule above.
>
> Peter
>
>
> -----
>
> Peter H. Lemieux Voice: (800) 5-CYWAYS
> CYWAYS, Incorporated (+1 617 796 8995)
> 19 Westchester Road Fax: (617) 796-8997
> Newton, Massachusetts 02458-2519 USA Web: http://www.cyways.com
More information about the samba
mailing list