samba and firewalls

Ian Chilton ian at ichilton.co.uk
Thu Apr 27 13:49:04 GMT 2000 

Hello,

I run a similar configuration, but with a dial-up PPP link, and just use
these rules in my firewall, then no one can get access to Samba, from
outside...


# SMB: Reject SMB traffic FROM and TO external machines.
echo "     - Silently rejecting TCP/UDP SMB traffic on the external
internface."
/sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE -d $EXTIP
137
/sbin/ipchains -A input -j REJECT -i $EXTIF -p udp -s $UNIVERSE -d $EXTBROAD
137
/sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE -d $EXTBROAD
137
/sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE -d $EXTIP
138
/sbin/ipchains -A input -j REJECT -i $EXTIF -p udp -s $UNIVERSE -d $EXTBROAD
138
/sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE -d $EXTBROAD
138
/sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE -d $EXTIP
139
/sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE 137 -d
$EXTIP
/sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE 138 -d
$EXTIP
/sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE 139 -d
$EXTIP
/sbin/ipchains -A output -j REJECT -i $EXTIF -p udp -s $EXTIP -d $UNIVERSE
137 $LOGGING
/sbin/ipchains -A output -j REJECT -i $EXTIF -p udp -s $EXTIP -d $UNIVERSE
138 $LOGGING
/sbin/ipchains -A output -j REJECT -i $EXTIF -p udp -s $EXTIP -d $UNIVERSE
139 $LOGGING
/sbin/ipchains -A output -j REJECT -i $EXTIF -p udp -s $EXTIP 137 -d
$UNIVERSE 137 $LOGGING
/sbin/ipchains -A output -j REJECT -i $EXTIF -p udp -s $EXTIP 138 -d
$UNIVERSE 138 $LOGGING
/sbin/ipchains -A output -j REJECT -i $EXTIF -p udp -s $EXTIP 139 -d
$UNIVERSE 139 $LOGGING



> Run portsentry

Where do I get this???????


Thanks..


Bye for Now,

Ian


                     \|||/
                     (o o)
 /----------------ooO-(_)-Ooo---------------\
 |  Ian Chilton                             |
 |                                          |
 |  E-Mail:    ian at ichilton.co.uk           |
 |  Web Page:  http://www.ianchilton.co.uk  |
 \------------------------------------------/


All e-mail is forwarded to my mobile phone.
(unless it includes an attachment)

However, I only receive the first 150 characters.
Please structure your message accordingly.


"Unix is user friendly - it's just picky about it's friends."

"Windows is a 32 bit patch to a 16 bit GUI based on a 8 bit operating system
written for a 4 bit processor by a 2 bit company which can not stand 1 bit
of competition."

More information about the samba mailing list