Re: Broadcast packets
-----BEGIN PGP SIGNED MESSAGE-----
> Not a guru, but I tried with Stevens, UNIX network Programming, Vol. 1,
> and I also used Google, and found the behaviour the system SHOULD show:
> Finally, the bind interfaces only option instructs the nmbd process not to
> accept any broadcast messages other than those subnets specified with the
> interfaces option. Note that this is different from the hosts allow and
> hosts deny options, which prevent machines from making connections to
> services, but not from receiving broadcast messages. Using the bind
> interfaces only option is a way to shut out even datagrams from foreign
> subnets from being received by the Samba server. In addition, it instructs
> the smbd process to bind to only the interface list given by the
> interfaces option. This restricts the networks that Samba will serve.
> However, I think that such options in the daemon are not an appropriate
> security measure. You might want to set up strict firewall rules to
> prevent any outsider from connecting to your SAMBA machine. Running SAMBA
> on the same machine as your Firewall is *evil*, but I admit that many
> small businesses with one-box-for-everything will use such a setup...
I guess people didn't realise (since I forgot to mention) that this is no
small-business firewall, it's my home masquerading box to give internet
access to my LAN. Naturaly, since this is the only box that's on 24/7 it also
serves a bunch of other stuff.
Thanks for the awnser, it was exactly what I was looking for.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----