From: "Christian S."
To: "Rick Knebel"
Subject: RE: udp ports
Date: Fri, 30 Mar 2001 20:07:22 -0500

try the following:

    ipfw add deny udp from {outside} to {inside} 137,138

Really, however, you could prolly make it:

    ipfw add deny udp from any to any 137,138

Since (If I'm not assuming too much here) that your FW will be connected to a hub/switch, and from there to the LAN. You can specify "from any to any", 'coz the LAN machines *shouldn't* touch the FW interfaces at all, since they will all be communicating on the same subnet..

...Of course, I could be high, but I *think* that's how it should work.

Christian

"...we have only twice as many genes as a fruit fly, or roughly the same number as an ear of corn, about 30,000."

Ergo, we are all corn.

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Rick Knebel
Sent: Friday, March 30, 2001 8:05 PM
To: questions@freebsd.org
Subject: udp ports

Hi,

I have a small home network and firewall running on my freebsd box. I have 3 other computers that use it as a gateway to the internet and file sharing through Samba. I am trying to block the udp ports 137 and 138 so that I can still use samba but people on the outside cannot see these ports. I have tried now for 1 week to do this but no matter how I try when I have my computer scanned people can see my workgroup and netbios name and it says that ports 137 and 138 are visible. I guess I cannot get this syntax of the commands right. One person suggested this:

    ipfw add deny udp 137 from outbound interface to inbound interface
    ipfw add deny udp 137 from inbound interface to outbound interface

This did not work. Can anyone help me or give a suggestion?

Thanks
Rick

--
Rick Knebel
rknebel@uplink.net
http://members.tripod.com/~Rick_Knebel/

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
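
An added example, not part of the original messages: a simplified Python model of ipfw's first-match evaluation that compares the `from any to any` rule suggested in the reply with the same rule limited to packets received on the outside interface (`in recv`). The interface names `ed0` and `ed1`, the trailing allow rule and the sample packets are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

EXT_IF, INT_IF = "ed0", "ed1"      # assumed interface names, not from the thread
NETBIOS = frozenset({137, 138})    # the two UDP ports discussed in the thread

@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int
    iface: str                     # interface the packet arrives on (inbound only here)

@dataclass(frozen=True)
class Rule:
    text: str                      # ipfw rule body that this entry models
    action: str
    proto: str = "ip"              # "ip" matches every protocol
    dports: frozenset = frozenset()  # empty set matches every port
    recv: Optional[str] = None     # models "in recv <if>"; None matches any interface

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and (not self.dports or p.dport in self.dports)
                and (self.recv is None or p.iface == self.recv))

def verdict(rules, p):
    """First matching rule decides, as in ipfw; no match falls through to deny."""
    return next((r.action for r in rules if r.matches(p)), "deny")

ALLOW_REST = Rule("allow ip from any to any", "allow")   # assumed open ruleset
UNSCOPED = [Rule("deny udp from any to any 137,138", "deny", "udp", NETBIOS), ALLOW_REST]
SCOPED = [Rule(f"deny udp from any to any 137,138 in recv {EXT_IF}", "deny", "udp",
               NETBIOS, recv=EXT_IF), ALLOW_REST]

# Constructed sample packets, all inbound to the firewall host.
PACKETS = {
    "outside probe, udp/137": Packet("udp", 137, EXT_IF),
    "LAN client to Samba on the firewall, udp/137": Packet("udp", 137, INT_IF),
    "LAN client to Samba on the firewall, udp/138": Packet("udp", 138, INT_IF),
    "LAN client web request, tcp/80": Packet("tcp", 80, INT_IF),
}

def compare():
    """Map each sample packet to (verdict under UNSCOPED, verdict under SCOPED)."""
    return {name: (verdict(UNSCOPED, p), verdict(SCOPED, p)) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (unscoped, scoped) in compare().items():
        print(f"{name:46} unscoped={unscoped:5} scoped={scoped}")
```

Both rule sets drop the outside probe; only the interface-scoped one still lets LAN clients reach the NetBIOS name and datagram services on the firewall host itself.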