Hello Mike, hello List.
On Wed, Oct 10, 2001 at 11:37:36AM -0400, Mike Dresser wrote:
[...]
> I want to deny ports 23, 37,137,139, etc, from the Internet, but allow
> them from Y.
[...]

What about configuring services to listen only on one _specific_ interface/ip? (In your case Y) So you perhaps don't have to take care of a confusing firewall setup...

hiding services is not the way[tm] to make or keep a network secure. Even if there are non-vulnerable services running (you never know, don't trust software that isn't your own ;-)) on the machine, always keep in mind that even authorised users can externally compromise your network, accidentally or maliciously, by using world-accessible services (without needing to be...)

Fixing samba (137 and 139) on Linux machines, for example, by putting two lines into /etc/samba/smb.conf:

[snip]
    interfaces = eth0 192.168.1.0/24
    bind interfaces only = True
[snip]

Greetings.
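Added example, not part of the original message: a check that the services named in the thread really stopped listening on every interface after a change like the smb.conf one above. It reads `ss -H -tln` output and reports TCP listeners on the watched ports that are still bound to a wildcard address; the function names, the port list and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners on watched ports bound to a wildcard address.
# The port list comes from the thread (23, 37, 139). UDP is left out on purpose:
# per smb.conf(5), nmbd keeps a 0.0.0.0 socket on 137/138 to read broadcasts
# even when "bind interfaces only" is set.
WATCHED_PORTS="23 37 139"

# Reads `ss -H -tln` lines on stdin (State Recv-Q Send-Q Local Peer) and
# prints "address port" for each wildcard listener on a watched port.
wildcard_listeners() {
    awk -v ports="$WATCHED_PORTS" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) watch[p[i]] = 1
        }
        $1 == "LISTEN" {
            la = $4
            idx = match(la, /:[0-9]+$/)        # position of the final ":port"
            if (idx == 0) next
            addr = substr(la, 1, idx - 1)
            port = substr(la, idx + 1)
            if (!(port in watch)) next
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
                print addr, port
        }'
}

# Constructed sample in `ss -H -tln` format (not captured from a real host).
sample_listeners() {
    cat <<'EOF'
LISTEN 0 50 192.168.1.10:139 0.0.0.0:*
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 [::]:37 [::]:*
LISTEN 0 50 *:139 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
EOF
}

# Demo on the constructed sample; on a live host run: ss -H -tln | wildcard_listeners
sample_listeners | wildcard_listeners
```

An empty result on a live host means none of the watched TCP services is reachable on an interface it was not explicitly bound to.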

