[K12OSN] hide network shares

Peter Scheie peter at scheie.homedns.org
Wed Mar 7 19:23:22 UTC 2007


I haven't done this, but considering Windows shares use port 137-139, I'm pretty sure 
you could add a few rules to iptables to block outbound traffic destined for those 
ports.  That way you don't have to mess with the Windows machines.  Anyone who's good 
with iptables wanna take a crack at creating such a blocking rule?  I'll make what is 
probably an incorrect attempt to start the discussion:

iptables -A INPUT -p tcp --dport 137 -j DROP

Add similar rules for ports 138 & 139 (there's a way to specify a range, but I can't 
recall the syntax) and your linux box won't be able to 'see' any Windows shares.

Petre

Ray Garza wrote:
> On Wednesday 07 March 2007 12:29, Terrell Prudé Jr. wrote:
>> You can use share permissions or NTFS permissions; either will do the
>> trick.  They'll still be able to see that the shares exist, but they
>> won't be able to actually access them.  It's much like when you set 700
>> permission on the /root directory in GNU/Linux or *BSD.  Regular users
>> can see that /root exists, but they can't do anything with it.
>>
> You mean change the Share permissions on each Staff PC? I could do that but I 
> was hoping to to do it at a single point (server) rather than go around to 
> each Staff PC and make the changes. 
> 
> I'll give your suggestion more thought.
> 
> Thanks for the input. 
> 
> Ray
> 
>> --TP
>> _______________________________
>> Do you GNU!?
>> Microsoft Free since 2003 <http://www.gnu.org/>--the ultimate antivirus
>> protection!
>>
>> Ray Garza wrote:
>>> Greetings group,
>>>
>>> I'm using K12LTSP 6.0 in a mixed environment (Windows, Linux, K12LTSP)
>>> and I would like to prevent users on the K12LTSP PC's from seeing the
>>> network shares on the staff PC's.
>>>
>>> I've tried to use Sabayon to delete the Networks submenu item under
>>> Places (Gnome) but can't. I cannot even get rid of the Places Menu.
>>>
>>> Any idea's to restrict access to Browsing the network?
>>>
>>> Thanks,
>>>
>>> Ray
>>>
>>> _______________________________________________
>>> K12OSN mailing list
>>> K12OSN at redhat.com
>>> https://www.redhat.com/mailman/listinfo/k12osn
>>> For more info see <http://www.k12os.org>
> 
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
> 




More information about the K12OSN mailing list