Blocking Windows messages
We have been getting a few Windows messages as of late, so I added the
following rules to my firewall:
iptables -A FORWARD -p tcp -d ! $SERVERIP --dport 135:139 -j DROP
iptables -A FORWARD -p udp -d ! $SERVERIP --dport 135:139 -j DROP
iptables -A FORWARD -p tcp -m iprange --dst-range $FULLRANGE --dport 445 -j DROP
iptables -A FORWARD -p udp -m iprange --dst-range $FULLRANGE --dport 445 -j DROP
$SERVERIP is a machine that needs 135 - 139 open, so the way I read the
rule is that unless it's going to $SERVERIP on 135 - 139 drop it, but
the Windows messages still seem to be getting through. Oh, and
$FULLRANGE is just a range of IPs I'm doing this for. In this case it
could have been done just as easily as a block with a netmask, but I
guess I wasn't thinking at the moment.
Matt