Re: netbios-ssn


 



For all those trying to set up iptables, check out a firewall script setup
called "pmfirewall" (http://www.pointman.org/PMFirewall/).  Although
pmfirewall is set up to use ipchains (which is sufficient for what all of you
are asking), the rules it sets up are specifically geared for those of you
(and myself) running an internal network with DHCP, Samba, web server, etc.
but want to block anything from outside (including NetBIOS "snooping").

The script lets you specifically allow certain IP addresses (i.e. time servers
sending UDP packets) to come in, and variable levels of logging.

Install pmfirewall, run the install script which will prompt you for several
questions about your network, which adapters are internal & external, and
what services you want to allow.  Then it generates its own scripts which
you can modify afterwards.  It even sets itself up in the init scripts
directory to start automatically at bootup if desired. Very easy to
understand the resulting scripts and they're commented very very well.

I'm even using IPsec behind my firewall to tunnel outside to my office VPN.
Works great (with a little tweaking of the pmfirewall scripts).

----- Original Message -----
From: "paras" <paras@bajranet.com.np>
To: <security-discuss@linuxsecurity.com>
Sent: Thursday, December 19, 2002 7:44 AM
Subject: netbios-ssn


> Hi all
>
> I have a Samba server running as a domain controller for my company.
> Now I want this server to be secure. How do I make DROP or DENY to the outside
> world and allow for my internal users? I did as:
>
> iptables -A INPUT -s 198.168.2.0 -p tcp --destination-port 139 -j ACCEPT
> iptables -A INPUT -s 0.0.0.0 -p tcp --destination-port 139 -j DROP
> iptables -A INPUT -s 198.168.2.0 -p udp --destination-port 139 -j ACCEPT
> iptables -A INPUT -s 0.0.0.0 -p udp --destination-port 139 -j DROP
>
>
> where 192.168.2.0 is my internal network.
>
>
> I am not sure whether this is working or not. How can I test this? Is there
> any better way to be more secure for this port, netbios-ssn?
>
>
> Thanks
> Paras.
> ------------------------------------------------------------------------
>      To unsubscribe email security-discuss-request@linuxsecurity.com
>          with "unsubscribe" in the subject of the message.
>
>
>
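Added example (not part of either poster's message): a simplified Python model of first-match evaluation for the four quoted rules, run over constructed sample packets. It relies on iptables treating a `-s` address with no mask as a single host (/32); the `FIXED` rule set using `192.168.2.0/24` and `0.0.0.0/0`, the sample addresses, and the `POLICY` label for fall-through to the chain policy are assumptions of the example.

```python
import ipaddress

def parse_rule(line):
    """Parse the small subset of `iptables -A INPUT ...` syntax used in the thread."""
    tok = line.split()
    opt = {tok[i]: tok[i + 1] for i in range(3, len(tok) - 1, 2)}
    # Like iptables, ip_network() treats an address with no mask as one host (/32).
    return (ipaddress.ip_network(opt["-s"]), opt["-p"],
            int(opt["--destination-port"]), opt["-j"])

def verdict(rules, src, proto, dport, policy="POLICY"):
    """First matching rule wins; unmatched packets fall through to the chain policy."""
    addr = ipaddress.ip_address(src)
    for net, rproto, rport, target in rules:
        if addr in net and proto == rproto and dport == rport:
            return target
    return policy

# Rules exactly as quoted in the message.
POSTED = [parse_rule(r) for r in (
    "iptables -A INPUT -s 198.168.2.0 -p tcp --destination-port 139 -j ACCEPT",
    "iptables -A INPUT -s 0.0.0.0 -p tcp --destination-port 139 -j DROP",
    "iptables -A INPUT -s 198.168.2.0 -p udp --destination-port 139 -j ACCEPT",
    "iptables -A INPUT -s 0.0.0.0 -p udp --destination-port 139 -j DROP",
)]

# Assumed correction: the stated internal network with a /24 mask, "anywhere" as /0.
FIXED = [parse_rule(r) for r in (
    "iptables -A INPUT -s 192.168.2.0/24 -p tcp --destination-port 139 -j ACCEPT",
    "iptables -A INPUT -s 0.0.0.0/0 -p tcp --destination-port 139 -j DROP",
    "iptables -A INPUT -s 192.168.2.0/24 -p udp --destination-port 139 -j ACCEPT",
    "iptables -A INPUT -s 0.0.0.0/0 -p udp --destination-port 139 -j DROP",
)]

# Constructed sample packets: (source address, protocol, destination port).
PACKETS = [
    ("192.168.2.57", "tcp", 139),  # internal client
    ("203.0.113.9", "tcp", 139),   # outside host (documentation address range)
    ("203.0.113.9", "udp", 139),
]

def compare():
    """Return (packet, verdict under POSTED, verdict under FIXED) for each sample."""
    return [(p, verdict(POSTED, *p), verdict(FIXED, *p)) for p in PACKETS]

if __name__ == "__main__":
    for pkt, before, after in compare():
        print(f"{pkt}: posted={before} fixed={after}")
```

On the live host, `iptables -L INPUT -n -v` shows per-rule packet counters, which is the practical counterpart of this model.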
