Re: [cobalt-security] Why does PortSentry continue to log ports 137 and 138 even though I've told it not to?

[Lawrence Frewin of Accommodation.com]

Hmm, we used those lines in our copy and it worked fine.

Here is an earlier version of the block, it works for some, but not others.

$IPC -A input -s 0.0.0.0/0.0.0.0  -d 0.0.0.0/0.0.0.0 137:137 -p tcp  -j DENY
$IPC -A input -s 0.0.0.0/0.0.0.0  -d 0.0.0.0/0.0.0.0 137:137 -p udp  -j DENY
$IPC -A input -s 0.0.0.0/0.0.0.0  -d 0.0.0.0/0.0.0.0 137:138 -p tcp  -j DENY
$IPC -A input -s 0.0.0.0/0.0.0.0  -d 0.0.0.0/0.0.0.0 137:138 -p udp  -j DENY
$IPC -A input -s 0.0.0.0/0.0.0.0  -d 0.0.0.0/0.0.0.0 137:139 -p tcp  -j DENY
$IPC -A input -s 0.0.0.0/0.0.0.0  -d 0.0.0.0/0.0.0.0 137:139 -p udp  -j DENY

If you still don't have any luck with it mail me a copy of the text
firewall-on offline I will see if I can sort it out.

[EMAIL PROTECTED]



----- Original Message -----
From: "Dan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 01, 2001 5:27 PM
Subject: Re: [cobalt-security] Why does PortSentry continue to log ports 137
and 138 even though I've told it not to?


> >
> > # Deny Samba, added 20/4/2001
> > #
> > $IPC -A input -p tcp -s 0/0 -d $OUTERNET 137:139 -j DENY
> > $IPC -A input -p udp -s 0/0 -d $OUTERNET 137:139 -j DENY
> > #
> >
> > Make sure these lines are added above the logging line at the bottom of
> > firewall-on which ends with "-l"
> >
> > Lawrence
> >
> >
> Thanks, saw this post, tried it and it did not work. I did put them above
> the "logging" line but in sequence of the ports (as the post suggested).
>
> Dan
>
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security