Message-ID: <44ED0281.9020806@ilievnet.com>
Date: Thu, 24 Aug 2006 04:36:01 +0300
From: Daniel Iliev
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: OT: A netbios-ssn blocking rule?
References: <44E63477.3000800@ilievnet.com> <44ECC994.8020705@ilievnet.com> <44ECCCB1.3000806@gmail.com>
In-Reply-To: <44ECCCB1.3000806@gmail.com>

gentuxx wrote:
> Actually, some of those ports are UDP. /etc/services says the same for
> both TCP and UDP. So if -p is required for --dport, you would have to
> add rules for UDP as well.
>
> iptables -A FORWARD -d *target-PC* -p udp --dport 137:139 -j DROP
> iptables -A INPUT -p udp --dport 137:139 -j DROP
>

gentuxx,

I'm not 100% sure about this, but I think MS NetBIOS doesn't use UDP (only TCP). However theoretically you are absolutely right.

--
Best Regards,
Daniel
--
gentoo-user@gentoo.org mailing list