On Thursday 16 November 2006 12:03, you wrote:
> On Wed, Nov 15, 2006 at 07:10:51PM +0200, Andrei Kolu wrote:
> > I am struggling here with PF firewall and just can't connect to any samba
> > share if PF is enabled:
>
> That's because the SMB protocol was designed in total ignorance of
> firewalls (and, to be fair, is much older than the first book on
> firewalls). Like "talk" and other such protocols, which are virtually
> impossible to do safely across a firewall, it has a mishmash of
> connections in and out and back in again.
>
> You may find this page of mine useful; using the information here
> might get you up and running, but you'll be poking some serious
> holes in the firewall to do this.
>
> http://www.subspacefield.org/~travis/firewalls_and_protocols.html
>
> You may find this old paper interesting though:
> http://web.textfiles.com/hacking/cifs.txt
>
> Ack, I gave in to curiosity, read a bit, and now I need a shower.
> I couldn't get past the "Phase 0". Perhaps Bill Gates is a genius,
> not because CIFS/SMB is great, but because it is so horrible;
> yet he actually got people to pay for it. That counts for something.
>
> But given that MS Services for Unix is free, wouldn't you be
> happier using NFS than some dodgy proprietary anachronism that
> is so chock full of arbitrariness that it boggles and stupefies
> the mind? Let's just pretend IPX and SMB never existed. In a
> decade nobody will even remember it. Here's to hoping.

Yes, I understand that SMB is bad, but why does PF block a port that is opened with rules?

/etc/pf.conf:
pass in on rl0 proto udp from any to (rl0) port 137 keep state

# tcpdump -n -e -ttt -i pflog0:
rule 0/0(match): block in on rl0: 192.168.2.100.137 > 192.168.2.101.53259: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
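
Added example, not part of either message: a small Python check that parses the pflog line quoted above and compares it field by field with the quoted pass rule, showing which field keeps the rule from covering the logged packet. The regular expressions and function names are this example's own and handle only the simple rule shape shown here.

```python
import re

# Both strings are copied from the message above.
RULE = "pass in on rl0 proto udp from any to (rl0) port 137 keep state"
LOG = ("rule 0/0(match): block in on rl0: 192.168.2.100.137 > "
       "192.168.2.101.53259: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST")

LOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>\w+) (?P<dir>in|out) "
    r"on (?P<ifname>\S+): (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):")
# Covers only the simple rule shape used here (assumption of this example).
RULE_RE = re.compile(
    r"pass (?P<dir>in|out) on (?P<ifname>\S+) proto (?P<proto>\w+) "
    r"from any to \S+ port (?P<dport>\d+)")

def _parse(regex, text, int_fields):
    m = regex.search(text)
    if m is None:
        raise ValueError("unrecognised line: %r" % text)
    fields = m.groupdict()
    for name in int_fields:
        fields[name] = int(fields[name])
    return fields

def parse_log(line):
    return _parse(LOG_RE, line, ("rule", "sport", "dport"))

def parse_rule(text):
    return _parse(RULE_RE, text, ("dport",))

def mismatches(rule, pkt):
    """Reasons the pass rule does not cover pkt; an empty list means it matches.
    Protocol and destination address are not compared: the log line is decoded
    as UDP, and the destination is assumed to be the address of rl0."""
    reasons = []
    for key, label in (("dir", "direction"), ("ifname", "interface"),
                       ("dport", "destination port")):
        if rule[key] != pkt[key]:
            reasons.append("%s: rule has %s, packet has %s"
                           % (label, rule[key], pkt[key]))
    return reasons

def is_reply_from(pkt, port):
    """True when the packet comes FROM the service port to some other port."""
    return pkt["sport"] == port and pkt["dport"] != port

if __name__ == "__main__":
    rule, pkt = parse_rule(RULE), parse_log(LOG)
    print(mismatches(rule, pkt))
    print("reply from port 137:", is_reply_from(pkt, rule["dport"]))
```

The logged packet has source port 137 and destination port 53259, so a rule written for destination port 137 does not cover it; it can pass only through an existing state entry or a separate rule.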
