also sprach Charlie Grosvenor <firstname.lastname@example.org> [2002.02.26.1657 +0100]: > I am trying to block smb going out of my network using the following > rules. why not also block it coming in? i'd leave out the -o ppp0 bit below. then there's nothing that can come in and nothing to go out. > iptables -A FORWARD -o ppp0 -p tcp --dport 135 -j REJECT [others snipped] why REJECT? just DROP them! also, port 136 is not a micro$oft port. > For some reason this is not working as http://stealthtests.lockdowncorp.com > is able to find out information about my computer using smb for example it > gives me my username that i used to log into windows with. this is what stealthtest does: fishbowl:~# tcpdump -i any -n host 18.104.22.168 tcpdump: listening on any 17:16:58.329572 22.214.171.124.137 > 126.96.36.199.137: >>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST (which i don't answer since this is a linux system), but the reply should not pass through your rules. why don't you run the above tcpdump line on the router/firewall and see what the stealthtests cause. post that here... > How can i get the blocking of smb working? Is ther a port that i should > block that i haven't? just blocking dports 135,137-139 tcp and udp in FORWARD, INPUT and OUTPUT should do the trick, actually... but you never know with this micro$oft crap... -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck 3 kinds of people: those who can count & those who can't.
Description: PGP signature