> If you really want to ignore the samba packets you might want to use these
> rules... (To get them on, you'l have to dissable the UK2 firewall script.
or
> whatever rule is causing the log entrys to be made)
>
> ipchains -A input -s <IP of the broadcasting raq>/255.255.255.255 -d
> 0.0.0.0/0.0.0.0 137:137 -p tcp -j DENY
> ipchains -A input -s <IP of the broadcasting raq>/255.255.255.255 -d
> 0.0.0.0/0.0.0.0 137:137 -p udp -j DENY
> ipchains -A input -s <IP of the broadcasting raq>/255.255.255.255 -d
> 0.0.0.0/0.0.0.0 137:138 -p tcp -j DENY
> ipchains -A input -s <IP of the broadcasting raq>/255.255.255.255 -d
> 0.0.0.0/0.0.0.0 137:138 -p udp -j DENY
> ipchains -A input -s <IP of the broadcasting raq>/255.255.255.255 -d
> 0.0.0.0/0.0.0.0 137:139 -p tcp -j DENY
> ipchains -A input -s <IP of the broadcasting raq>/255.255.255.255 -d
> 0.0.0.0/0.0.0.0 137:139 -p udp -j DENY
>
> OR if you want to block all samba protocol to your machine instead of a
raq
> number ... try using "0.0.0.0/0.0.0.0" instead of the ip/255.255.255.255
>
> Theres no "-l" in those lines so they will be deny'd before they get to
the
> rule that is causing the log entrys currently
>
Thanks Bryan, I'll give that a go as it's different to what I've already
done! I don't use Samba so there's no need for me to use those ports for any
reason.
Dan
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
