samba trouble

[Andy Green]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 27 October 2003 21:33, Gene C. wrote:

> OK, I can see doing this on an internal system which is running an iptables
> "personal" firewall.  However, making it too easy for someone to do on a
> true firewall between your system(s) and the "real Internet" is inviting
> disaster.

That's a good point.  But... what is the meaning of the availability of samba 
packages if there is no simple way to expose their services?  Not going to be 
very convincing for the shell-challenged to use Samba if getting it to 
actually talk after installing it stays a mystical secret not on the local 
firewall UI.

The firewall app could do the same as I did, for 137:139 it limits access to 
the local subnet by iptables filtering.  In fact it could do with another 
per-item checkbox saying if the service is only exposed to machines on the 
local subnet or open to all comers -- and for every service that checkbox 
should be set for local subnet only by default.  For a super bonus jackpot to 
the implementor it could have per-item interface checkboxes for multihomed 
hosts.

- -Andy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/nZRzjKeDCxMJCTIRAjR0AJsFzeKFN+aeGnWrQZaWc7Bzp16bnQCcCstQ
DeLL+SLXpk/bzgTJzWKrbe8=
=vRBq
-----END PGP SIGNATURE-----