On Mon, Jul 03, 2000 at 04:16:24PM +0200, Goeman Stefan wrote: > Hello, Hi
[snip] > I am a little concerned about this last line. > >From a security course I took last week, I have found out > that it is not wise to have the netbios open (to the rest of the > world). I my case, it probably can't harm because I am behind our > company firewalls. But nevertheless, I would prefer to disable this > feature. Does anybody knows how to do this ?? If you don't want to purge samba, yet still have those ports closed, you could do: (replacing ppp0 for whatever you have) ipchains=$(which ipchains) ${ipchains} -A output -p tcp --sport 137:139 -i ppp0 -j DENY -l ${ipchains} -A output -p udp --sport 137:139 -i ppp0 -j DENY -l ${ipchains} -A input -p tcp --dport 137:139 -i ppp0 -j DENY -l ${ipchains} -A input -p udp --dport 137:139 -i ppp0 -j DENY -l This also causes log entries to be generated upon violation of this rule. (-l) For more infos, see: ipchains (8) - IP firewall administration ipchains-restore (8) - restore IP firewall chains from stdin ipchains-save (8) - save IP firewall chains to stdout or ipfwadm (8) - IP firewall and accounting administration ipfwadm-wrapper (8) - IP firewall administration ipfwadm.real (8) - IP firewall and accounting administration This surely ain't the only way to do it, but it is one way of doing it. The better / more secure approach would be to deny all ports and to then selectively open up specific ports according to your needs. HTH'n good luck! :) -- S. Burgener Powered by Debian GNU/Linux 2.2