[Samba] deny new connections

Marc Muehlfeld samba at marc-muehlfeld.de
Thu Mar 6 11:46:16 MST 2014

Hello Steven

Am 06.03.2014 14:06, schrieb Steven Broos:
 > I was wondering: is it possible to deny all new connections to samba,
 > but keep the current connections working ?

I don't know a good solution for that inside Samba.

Maybe you can try to set 'max smbd processes' and after a while, if some 
more users have logged out, reduce it and reload Samba with smbcontrol. 
Don't restart, because your client's will loose the connection!

Repeat this and when you finally reached that the last one is locked 
out, you can shut the Service down.

I'm not sure if this is a working way. But the only I get in my mind at 
the moment for doing this inside Samba.

Am 06.03.2014 14:20, schrieb Steven Broos:
> I was looking for a solution in Samba, but just tried something with iptables.
> Does this seem like a valid solution ?
> iptables -A INPUT -m state --state new -j DROP

You can try this. I'm not very familiar with the SMB protocol details. 
But newer SMB protocol version have features for connections, that can 
get interrupted and can reconnect without any interruption for the 
client and open files (See 
Maybe if a connection get's temporary disconnected, but not because the 
client logs out, it wouldn't reconnect and you would loose data, too, if 
a server based application crashes.

If you use the iptables way, don't choose DROP - use REJECT. If you drop 
the connections, the clients have to wait until they get a timeout and 
your client/application could be slow or hanging. If you reject the 
connection, then Windows knows directly that the connection isn't possible.


More information about the samba mailing list