[Samba] deny new connections
Marc Muehlfeld
samba at marc-muehlfeld.de
Thu Mar 6 11:46:16 MST 2014
Hello Steven
Am 06.03.2014 14:06, schrieb Steven Broos:
> I was wondering: is it possible to deny all new connections to samba,
> but keep the current connections working ?
I don't know a good solution for that inside Samba.
Maybe you can try to set 'max smbd processes' and after a while, if some
more users have logged out, reduce it and reload Samba with smbcontrol.
Don't restart, because your client's will loose the connection!
Repeat this and when you finally reached that the last one is locked
out, you can shut the Service down.
I'm not sure if this is a working way. But the only I get in my mind at
the moment for doing this inside Samba.
Am 06.03.2014 14:20, schrieb Steven Broos:
> I was looking for a solution in Samba, but just tried something with iptables.
> Does this seem like a valid solution ?
>
> iptables -A INPUT -m state --state new -j DROP
You can try this. I'm not very familiar with the SMB protocol details.
But newer SMB protocol version have features for connections, that can
get interrupted and can reconnect without any interruption for the
client and open files (See
http://technet.microsoft.com/en-gb/library/ff625695%28v=ws.10%29.aspx).
Maybe if a connection get's temporary disconnected, but not because the
client logs out, it wouldn't reconnect and you would loose data, too, if
a server based application crashes.
If you use the iptables way, don't choose DROP - use REJECT. If you drop
the connections, the clients have to wait until they get a timeout and
your client/application could be slow or hanging. If you reject the
connection, then Windows knows directly that the connection isn't possible.
Regards,
Marc
More information about the samba
mailing list