Date: Thu, 6 Jun 2002 12:25:40 -0700 From: "Crist J. Clark" <crist.clark@attbi.com> To: Gerhard Sittig <Gerhard.Sittig@gmx.net> Cc: freebsd-security@FreeBSD.org Subject: Re: samba and ipfw Message-ID: <20020606122540.B93321@blossom.cjclark.org> In-Reply-To: <20020605195953.V1494@shell.gsinet.sittig.org>; from Gerhard.Sittig@gmx.net on Wed, Jun 05, 2002 at 07:59:53PM %2B0200 References: <Pine.GSO.4.32.0206051243390.25024-100000@nippur.irb.hr> <20020605195953.V1494@shell.gsinet.sittig.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 05, 2002 at 07:59:53PM +0200, Gerhard Sittig wrote:
> On Wed, Jun 05, 2002 at 12:50 +0200, Mario Pranjic wrote:
> >
> > I have rules for smb like this:
> > # samba
> > add 660 allow tcp from any to me 138,139,445 setup keep-state
> > add 661 pass udp from any 139 to me 139 keep-state
> ^^^ ^^^
>
> This is a typo, isn't it? netbios-ns uses 137/udp. And it
> mostly is run in broadcast mode, so I don't know how the "me"
> keywords disturbes (is too strict).
'me' does not match broadcast addresses.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020606122540.B93321>