Hello everybody, I have a Linux machine (with a static routable IP address) connected to a windoops LAN. As is known, there is certain "noise" in windoops networks, which can be silently dropped by a rule like this: iptables -A INPUT -p udp --dport 135:139 -j DROP I have found that this "noise" can also be effectively blocked by the following rule: iptables -A INPUT -d ! $IP.ADDRESS.OF.MY_BOX -j DROP I haven't noticed anything going wrong yet, still I'd like to know: Does this rule have a (potential) drawback? Can it break anything in case I have NFS or obtain IP address via DHCP or in any other situation? A similar question goes for the case of a Linux router/gateway protecting a LAN (with machines with routable IP addresses). Can the following rules do any harm? iptables -A FORWARD -i $EXTERIOR_INTERFACE -d $LAN.BROADCAST -j DROP iptables -A FORWARD -i $EXTERIOR_INTERFACE -d ! $LAN.IP.ADDRESSES.RANGE -j DROP Thanks in advance! -- Mikhail
