[Samba] deny new connections

Steven Broos Steven.Broos at politie.antwerpen.be
Thu Mar 6 06:20:42 MST 2014

I was looking for a solution in Samba, but just tried something with iptables.
Does this seem like a valid solution ?

iptables -A INPUT -m state --state new -j DROP

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Steven Broos
Sent: donderdag 6 maart 2014 14:07
To: 'samba at lists.samba.org'
Subject: [Samba] deny new connections

Hi people,

I was wondering: is it possible to deny all new connections to samba, but keep the current connections working ?

We have some applications running from a samba share. To update the application everybody needs to close it.
Since we have almost 1000 concurrent users, 24/7, it is difficult to keep them out.
My solution now is:

-          Communicating the downtime and provide a time window in which users cannot access the application

-          In that time window: checking smbstatus for who is still logged in, phone them, and ask to quit the app

-          Change smb.conf to only allow my IP address, restart smb

-          Update

-          Restore original config and restart

Big culprit in this method is that sometimes users start the application while I stop or restart samba.
This often causes data-file corruption; the apps are very sensitive to that .

It would be very handy to deny new connections, but keep current connections (new file locks included) working.

Vriendelijke groeten,
Steven Broos | systeembeheerder
Lokale Politie Antwerpen | ICT
Digipolis I, Generaal Armstrongweg 1 | 2020 Antwerpen tel. 03 338 99 60 | fax 03 338 99 61 steven.broos at politie.antwerpen.be www.politieantwerpen.be

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list