Sunday 19 October 2014

Block incoming WAN (Internet) connections for SAMBA using iptables


This is my idea on how one might keep WAN connections from hitting a SAMBA server:

iptables -A INPUT -s 192.168.0.0/24 -p tcp -m multiport --dports 137:139,445,43270,43273 -m comment --comment "Allow local connections to SAMBA - TCP" -j ACCEPT
iptables -A INPUT -s 192.168.0.0/24 -p udp -m multiport --dports 137:139,445,43270,43273 -m comment --comment "Allow local connections to SAMBA - UDP" -j ACCEPT

iptables -A INPUT -p tcp -m multiport --dports 137:139,445,43270,43273 -m comment --comment "Block WAN connections to SAMBA - TCP" -j DROP
iptables -A INPUT -p udp -m multiport --dports 137:139,445,43270,43273 -m comment --comment "Block WAN connections to SAMBA - UDP" -j DROP

The ports *should* be right for SAMBA. The network address and range (192.168.0.0/24) might have to be changed to reflect your LAN (internal network).
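These rules only work in this order, because iptables walks the chain top to bottom and stops at the first ACCEPT or DROP that matches. The following check is an added example, not part of the original post: the function name samba_port_verdict and the sample rule listing are constructed for illustration, and the LAN range must be written the way iptables prints it.

```shell
#!/bin/sh
# Added example: which rule decides a WAN packet to one SAMBA port?
# Reads `iptables -S INPUT` output on stdin; only rules that name the port are examined.
# Prints: blocked (unrestricted DROP/REJECT first), exposed (non-LAN ACCEPT first),
# or unfiltered (no such rule matched, so the chain policy decides).
samba_port_verdict() {  # args: port proto lan_cidr
    awk -v port="$1" -v proto="$2" -v lan="$3" '
    function covers(list, p,    n, k, items, r) {   # is p inside "137:139,445,..."?
        n = split(list, items, ",")
        for (k = 1; k <= n; k++) {
            if (split(items[k], r, ":") == 2) {
                if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) return 1
            } else if (items[k] + 0 == p + 0) return 1
        }
        return 0
    }
    $1 == "-A" && $2 == "INPUT" {
        src = ""; pr = ""; ports = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-p") pr = $(i + 1)
            else if ($i == "--dports" || $i == "--dport") ports = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (pr != proto || ports == "" || !covers(ports, port)) next
        if (src == lan) next                      # LAN-only rule: WAN packets fall through
        if (target == "ACCEPT") { verdict = "exposed"; exit }
        if (src == "" && (target == "DROP" || target == "REJECT")) { verdict = "blocked"; exit }
    }
    END { print (verdict == "" ? "unfiltered" : verdict) }'
}

# Constructed sample: the TCP rules from this post as `iptables -S INPUT` would list them.
SAMPLE='-P INPUT ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m multiport --dports 137:139,445,43270,43273 -m comment --comment "Allow local connections to SAMBA - TCP" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 137:139,445,43270,43273 -m comment --comment "Block WAN connections to SAMBA - TCP" -j DROP'

printf '%s\n' "$SAMPLE" | samba_port_verdict 445 tcp 192.168.0.0/24   # blocked
```

On a live host, run it as root with `iptables -S INPUT | samba_port_verdict 445 tcp 192.168.0.0/24`. An "unfiltered" result means the outcome depends on the INPUT chain policy and on any broader rules that do not name the port.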
