samba trouble
Gene C.
czar at czarc.net
Mon Oct 27 21:33:11 UTC 2003
On Monday 27 October 2003 16:08, Andy Green wrote:
> On Monday 27 October 2003 16:44, Benjamin Kosnik wrote:
> > In the meantime, can somebody post the magic iptables bits?
>
> I added this to my /etc/rc.local......
>
> iptables -I RH-Firewall-1-INPUT -p tcp -s 192.168.0/24 --destination-port
> 137:139 -j ACCEPT
>
> The bit after -s says to only let in people who are on 192.168.0.*, so if
> somehow people from the internet manage to bypass my firewall they still
> won't be able to see my shares (until they pervert a local machine, ho
> hum).
>
> Samba really should be on that firewall app, in fact it's kind of crap that
> you can't give it arbitrary ports, didn't you used to be able to?
OK, I can see doing this on an internal system which is running an iptables
"personal" firewall. However, making it too easy for someone to do on a true
firewall between your system(s) and the "real Internet" is inviting disaster.
--
Gene
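
Added example, not part of the original thread: one way to check a saved ruleset for the concern raised above, by flagging ACCEPT rules that open ports 137-139 without limiting the source to the local network. It assumes `iptables-save` output as input; the function names, the trusted network default and the sample rules are constructed for illustration.

```python
import ipaddress
import shlex

SAMBA_PORTS = {137, 138, 139}  # the ports opened by the rule in the thread

def expand_ports(spec):
    """Turn an iptables port spec such as '137:139' or '22,139' into a set."""
    ports = set()
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        first = int(lo or 0)
        last = int(hi or 65535) if sep else first
        ports.update(range(first, last + 1))
    return ports

def audit(rules_text, trusted=("192.168.0.0/24",)):
    """Return (rule, reason) pairs for ACCEPT rules that open Samba ports
    to sources outside the trusted networks. Only rules that name
    destination ports are examined."""
    trusted_nets = [ipaddress.ip_network(n) for n in trusted]
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if not tok or tok[0] != "-A":
            continue  # table headers, chain policies, COMMIT
        opts = dict(zip(tok, tok[1:]))  # each flag -> the token after it
        spec = opts.get("--dport") or opts.get("--dports")
        if opts.get("-j") != "ACCEPT" or spec is None:
            continue
        if not expand_ports(spec) & SAMBA_PORTS:
            continue
        src = opts.get("-s")
        if "!" in tok:
            findings.append((line, "negated match, review by hand"))
        elif src is None:
            findings.append((line, "no source restriction"))
        elif not any(ipaddress.ip_network(src, strict=False).subnet_of(t)
                     for t in trusted_nets):
            findings.append((line, "source %s is not a trusted network" % src))
    return findings

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE = """*filter
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 137:139 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 137:138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 22,139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE):
        print(reason, "->", rule)
```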