iptables problem

Rick Stevens rstevens at vitalstream.com
Mon Apr 10 17:12:39 UTC 2006


On Sat, 2006-03-11 at 00:23 +0800, lstar wrote:
> Hi All,
> I would like to ask an "iptables" question:
> which port should I block if I need to restrict access to samba services?
> I have searched the information from the knowledgebase of the Red Hat official web
> site. It found the following ports:
>       * Port 137 (UDP) - NetBIOS name service and nmbd 
>       * Port 138 (UDP) - NetBIOS datagram service  
>       * Port 139 (TCP) - File and printer sharing and smbd 
>       * Port 389 (TCP) - for LDAP (Active Directory Mode)  
>       * Port 445 (TCP) - NetBIOS was moved to 445 after 2000 and
>         beyond, (CIFS)  
>       * Port 901 (TCP) - for SWAT 
> Should I block all the above ports to restrict access to samba services,
> or is any specific port also enough?

To block Samba, UDP 137 and 138 and TCP 139 and 445 are all you need to
block.  TCP 445 is not used just for Samba (anything using LDAP will use
that port including local logins if you use LDAP to authenticate), and
swat is an admin tool which you _may_ wish to block.  The actual Samba
protocol is over the first four I mentioned.

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-  BASIC is the Computer Science version of `Scientific Creationism' -
----------------------------------------------------------------------
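
The four ports named in the reply above (UDP 137 and 138, TCP 139 and 445) turned into iptables rules, as an added example that is not part of the original message. The `TRUSTED_NET` variable, its default `192.168.1.0/24` and the function names are assumptions for illustration; set `TRUSTED_NET` to an empty string to block the ports for every source.

```shell
#!/bin/sh
# Added example (not from the original post): build iptables rules that
# restrict Samba to one trusted subnet, or block it for everyone.

# Assumed LAN range; export TRUSTED_NET="" to block all sources.
TRUSTED_NET="${TRUSTED_NET-192.168.1.0/24}"

# The protocol:port pairs given in the reply as the Samba ports.
SAMBA_PORTS="udp:137 udp:138 tcp:139 tcp:445"

# Print one iptables command per line. For each port the ACCEPT for the
# trusted subnet comes before the DROP, because the first matching rule wins.
samba_rules() {
    net="$1"
    for pp in $SAMBA_PORTS; do
        proto="${pp%%:*}"
        port="${pp##*:}"
        if [ -n "$net" ]; then
            echo "iptables -A INPUT -p $proto -s $net --dport $port -j ACCEPT"
        fi
        echo "iptables -A INPUT -p $proto --dport $port -j DROP"
    done
}

# Dry run by default: the rules are only printed for review.
# Run as root with APPLY=1 to install them.
# Note: -A appends, so an ACCEPT rule already earlier in INPUT still wins;
# check the existing chain with "iptables -L INPUT -n --line-numbers".
apply_samba_rules() {
    samba_rules "$1" | while read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            $rule
        else
            echo "$rule"
        fi
    done
}

apply_samba_rules "$TRUSTED_NET"
```
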




More information about the Redhat-install-list mailing list