Date:      Fri, 30 Mar 2001 20:07:22 -0500
From:      "Christian S." <cschreiber@netrail.net>
To:        "Rick Knebel" <rknebel@uplink.net>, <questions@freebsd.org>
Subject:   RE: udp ports
Message-ID:  <MPEGJCJPPBKNCNBGOHGDEEODCPAA.cschreiber@netrail.net>
In-Reply-To: <p05001900b6eadc7e72bb@[192.168.1.2]>


try the following:

ipfw add deny udp from {outside} to {inside} 137,138

Really, however, you could prolly make it:

ipfw add deny udp from any to any 137,138

Since (if I'm not assuming too much here) your FW will be
connected to a hub/switch, and from there to the LAN, you can specify
"from any to any", 'coz the LAN machines *shouldn't* touch the FW
interfaces at all, since they will all be communicating on the same
subnet.

...Of course, I could be high, but I *think* that's how it should
work.

Christian

"...we have only twice as many genes as a fruit fly, or roughly the
same number as an ear of corn, about 30,000."
Ergo, we are all corn.


-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Rick Knebel
Sent: Friday, March 30, 2001 8:05 PM
To: questions@freebsd.org
Subject: udp ports


Hi,

I have a small home network and firewall running on my FreeBSD box.
I have 3 other computers that use it as a gateway to the internet and
file sharing through Samba.

I am trying to block the UDP ports 137 and 138 so that I can still use
Samba but people on the outside cannot see these ports.

I have tried now for 1 week to do this, but no matter how I try, when I
have my computer scanned, people can see my workgroup and NetBIOS name
and it says that ports 137 and 138 are visible.


I guess I cannot get this syntax of the commands right.


One person suggested this:
ipfw add deny udp 137 from outbound interface to inbound interface
ipfw add deny udp 137 from inbound interface to outbound interface


This did not work.

Can anyone help me or give a suggestion?


Thanks
Rick
--
Rick Knebel
rknebel@uplink.net
http://members.tripod.com/~Rick_Knebel/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
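
An added example, not part of the original messages: a small Python model of how the "from any to any 137,138" rule from the reply matches packets, next to an interface-scoped variant ("in via") that is not from the thread. The interface names, addresses and the trailing allow-all rule are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed interface names and addresses; not taken from the thread.
EXT_IF, INT_IF = "ext0", "int0"
NETBIOS = frozenset({137, 138})

@dataclass(frozen=True)
class Packet:
    proto: str
    dst: str       # ignored by "to any"; kept to describe the flow
    dport: int
    recv_if: str   # interface the packet arrived on

@dataclass(frozen=True)
class Rule:
    text: str                     # ipfw command this deny rule models
    proto: str
    dports: frozenset
    in_via: Optional[str] = None  # None: rule applies on every interface

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto and p.dport in self.dports
                and self.in_via in (None, p.recv_if))

def verdict(rules, pkt):
    """Every modelled rule is a deny; assumption: the rule set ends in allow-all."""
    return "deny" if any(r.matches(pkt) for r in rules) else "allow"

ANY_TO_ANY = [Rule("ipfw add deny udp from any to any 137,138", "udp", NETBIOS)]
EXT_ONLY = [Rule(f"ipfw add deny udp from any to any 137,138 in via {EXT_IF}",
                 "udp", NETBIOS, EXT_IF)]

PACKETS = {  # constructed sample flows
    "outside scan of the firewall": Packet("udp", "203.0.113.10", 137, EXT_IF),
    "LAN name-query broadcast": Packet("udp", "192.168.1.255", 137, INT_IF),
    "LAN datagram to the firewall host": Packet("udp", "192.168.1.1", 138, INT_IF),
    "LAN DNS lookup": Packet("udp", "192.168.1.1", 53, INT_IF),
}

def compare():
    """Map each flow to (verdict under ANY_TO_ANY, verdict under EXT_ONLY)."""
    return {name: (verdict(ANY_TO_ANY, p), verdict(EXT_ONLY, p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (a, b) in compare().items():
        print(f"{name:36} any-to-any={a:5} ext-only={b}")
```

Both forms drop the outside scan; they differ only for NetBIOS traffic that arrives on the inside interface and is addressed to the firewall host or the LAN broadcast address.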




