[SATLUG] Block nodes from seeing each other on the network

twistedpickles twistedpickles at gmail.com
Tue Jan 17 12:38:29 CST 2006


So issuing the following commands as such would work?

#netbios
iptables -A FORWARD -p tcp --dport 135 -j DROP
iptables -A FORWARD -p tcp --dport 136 -j DROP
iptables -A FORWARD -p tcp --dport 137 -j DROP
iptables -A FORWARD -p tcp --dport 138 -j DROP
iptables -A FORWARD -p tcp --dport 139 -j DROP

iptables -A FORWARD -p udp --dport 135 -j DROP
iptables -A FORWARD -p udp --dport 136 -j DROP
iptables -A FORWARD -p udp --dport 137 -j DROP
iptables -A FORWARD -p udp --dport 138 -j DROP
iptables -A FORWARD -p udp --dport 139 -j DROP

# netbios over TCP/IP
iptables -A FORWARD -p tcp --dport 445 -j DROP
iptables -A FORWARD -p udp --dport 445 -j DROP

Thanks!




On 1/17/06, Jesse Gonzalez <jesse at liberto.org> wrote:
>
> That sounds about right to me. You'd probably want to block 135-139
> TCP/UDP and 445 TCP/UDP.
>
> On Tue, 2006-01-17 at 11:54 -0600, twistedpickles wrote:
> > I run a Linux gateway and all users connect to the gateway for Internet
> > access. I would like to remove the capability for computers to see each
> > other on the network.
> >
> > I've been searching the web but I can only find resources on how to get
> > people to network and share files. 99% of computers and clients
> > connecting are Windows.
> >
> > I am only guessing but if I block NetBIOS communication ports in
> > iptables will this be effective? Any suggestions or thoughts?
> >
> > --
> > ::twistedPickles:: :
>



--
::twistedPickles:: :
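
An added example, not part of the original message or of any reply on the list: a shell script that collapses the rules above into two multiport rules and checks whether two client addresses share a subnet, because the FORWARD chain only sees packets the gateway routes and same-subnet clients reach each other directly without crossing it. The function names, the DRY_RUN variable and the sample addresses are assumptions made for this example.

```bash
#!/bin/sh
# Added example: function names, DRY_RUN and the sample addresses are
# assumptions; the ports are the ones named in the thread.
PORTS="135:139,445"

# Print the command when DRY_RUN=1 (the default); otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

# One multiport DROP rule per protocol replaces the twelve single-port rules.
# On a live run, iptables -C skips a rule that is already present.
block_windows_sharing() {
    for proto in tcp udp; do
        if [ "${DRY_RUN:-1}" != "1" ] &&
           iptables -C FORWARD -p "$proto" -m multiport --dports "$PORTS" -j DROP 2>/dev/null
        then
            continue
        fi
        run iptables -A FORWARD -p "$proto" -m multiport --dports "$PORTS" -j DROP
    done
}

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() (
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( ($o1 << 24) | ($o2 << 16) | ($o3 << 8) | $o4 ))
)

# Exit 0 when both addresses are in the same /prefix network ($3).
same_subnet() (
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
)

# Same-subnet hosts talk directly over the LAN segment, so their packets are
# never routed by the gateway and never reach its FORWARD chain.
forward_applies() {
    if same_subnet "$1" "$2" "$3"; then
        echo "bypasses FORWARD"
    else
        echo "routed through FORWARD"
    fi
}

block_windows_sharing                        # dry run: prints the two rules
forward_applies 192.168.1.10 192.168.1.20 24 # constructed sample addresses
```

When clients share a subnet, isolation has to be enforced where their frames actually pass, such as the switch or access point.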