Date: Wed, 24 Feb 1999 20:42:16 +0100 (CET) From: Gerhard Sittig <Gerhard.Sittig@gmx.net> Cc: freebsd-questions@FreeBSD.ORG Subject: RE: UDP/TCP Ports 137, 138, 139 Message-ID: <Pine.LNX.4.02.9902242034380.17721-100000@speedy.gsinet> In-Reply-To: <000801be5e76$9e5253e0$0a00000a@maxpower.weeble.nws.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 22 Feb 1999, Christopher J. Michaels wrote:
> If you just block all traffic going over the firewall's outside interface on
> those ports you'll be fine.
>
> the rules I use are the following...
>
> 01000 deny tcp from any 137-139 to any via tun0
> 01000 deny udp from any 137-139 to any via tun0
> 01001 deny tcp from any to any 137-139 via tun0
> 01001 deny udp from any to any 137-139 via tun0
>
> tun0 being my interface to the outside world, and yes I know netbios is udp
> but I'm a bit paranoid I guess.
Not really, I guess :>
------------------------------------------------------------
[sittig@speedy] (529) ~ $ grep netbios /etc/services
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp
netbios-ssn 139/tcp # NETBIOS session service
netbios-ssn 139/udp
[sittig@speedy] (530) ~ $ head -15 /etc/services
#
# Network services, Internet style
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1340, ``Assigned Numbers'' (July 1992). Not all ports
# are included, only the more common ones.
#
# from: @(#)services 5.8 (Berkeley) 5/9/91
# $Id: services,v 1.9 1993/11/08 19:49:15 cgd Exp $
#
[sittig@speedy] (531) ~ $ netstat -a | grep netb
tcp 0 0 speedy.gsin:netbios-ssn *:* LISTEN
tcp 0 0 speedy.gsin:netbios-ssn *:* LISTEN
udp 0 0 *:netbios-ns *:*
udp 0 0 *:netbios-dgm *:*
udp 0 0 speedy.gsine:netbios-ns *:*
udp 0 0 speedy.gsin:netbios-dgm *:*
udp 0 0 speedy.gsine:netbios-ns *:*
udp 0 0 speedy.gsin:netbios-dgm *:*
[sittig@speedy] (532) ~ $
------------------------------------------------------------
Gerhard Sittig
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.02.9902242034380.17721-100000>