On Mon, 7 Apr 2003, Anthony M. Rasat wrote:

> Dear Robert,
>
> Most times, when configuring a firewall, people block everything first
> then allow any service required. This goes for any incoming traffic rule.
> Now, outgoing rules may vary. Some people like to let any outgoing traffic
> pass unchanged, some do not. In your case, if you wish to do so, you
> can set rules to block outgoing TCP and UDP port 137 - 139. These rules will
> not affect Samba (or Microsoft Windows Network Sharing Service)
> communication inside your internal network.

no, you have it backwards. i'm starting from a position of DROP on
all chains, and want to slowly *open up* my firewall.

what i was after was a set of (ideally minimal) rules that would allow
just what was needed for samba-related traffic. i'm aware that that
traffic involves ports 137-9, but wanted to know if there was a summary
of *precisely* what ports were involved, and what they were used for,
so i could know exactly what i had to allow and what i could leave closed.

rday
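A sketch of the allow-list approach discussed in this thread, as an added example that is not part of either message: it prints, without applying, iptables rules that open only ports 137-139 to one subnet on a host whose chains default to DROP. The helper name `samba_rules`, the subnet and the interface are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for a Samba server
# whose INPUT and OUTPUT chains default to DROP.
# Standard NetBIOS-over-TCP/IP assignments for the 137-139 range:
#   137/udp name service, 138/udp datagram service, 139/tcp session service.

samba_rules() {   # hypothetical helper name
    lan=$1        # trusted subnet, e.g. 192.168.1.0/24 (constructed sample)
    ifc=$2        # LAN-facing interface, e.g. eth0 (constructed sample)

    # Accept only a plain IPv4 CIDR and interface name, so the output can
    # be reviewed and piped to sh without shell metacharacters slipping in.
    case $lan in ''|*[!0-9./]*) echo "bad subnet: $lan" >&2; return 1 ;; esac
    case $ifc in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1 ;; esac

    # Return traffic for flows accepted by the rules below.
    echo "iptables -A INPUT -i $ifc -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -o $ifc -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Name and datagram services: queries and announcements are often
    # broadcast, so both directions are opened, limited to the subnet.
    for port in 137 138; do
        echo "iptables -A INPUT -i $ifc -s $lan -p udp --dport $port -j ACCEPT"
        echo "iptables -A OUTPUT -o $ifc -d $lan -p udp --dport $port -j ACCEPT"
    done

    # Unicast answers to our own broadcast name queries come back from a
    # different address than the broadcast, so state tracking does not
    # see them as ESTABLISHED; match them by source port instead.
    echo "iptables -A INPUT -i $ifc -s $lan -p udp --sport 137 -j ACCEPT"

    # Session service: new inbound connections to smbd from the subnet only.
    echo "iptables -A INPUT -i $ifc -s $lan -p tcp --dport 139 -m state --state NEW -j ACCEPT"
}

samba_rules 192.168.1.0/24 eth0
```

Review the printed rules before piping them to a root shell; anything not listed stays closed under the DROP policy.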