
blocking netbios udp/tcp packets




I have ipchains running successfully on a single nic home machine.
I have the following rules set within my config:

ipchains -A input -i $INT -p tcp -s $ANY $UNPRIV -d $ANY 137 -j DENY
ipchains -A input -i $INT -p udp -s $ANY $UNPRIV -d $ANY 137 -j DENY
ipchains -A input -i $INT -p tcp -s $ANY $UNPRIV -d $ANY 138 -j DENY
ipchains -A input -i $INT -p udp -s $ANY $UNPRIV -d $ANY 138 -j DENY

However, I am still seeing packets coming in addressed to my network's
broadcast address on ports 137 and 138. I see these being logged within
/var/log/messages as being DENY caught by an INPUT ipchains filter.

Since I don't have the -l option set within these rules, I can only guess
that the packets are being caught by the last line within my config that
logs all packets matching any rules:

ipchains -A input -i $INT -j DENY -l
ipchains -A output -i $INT -j REJECT -l

Is there something wrong with my initial rules? I have them set to an $ANY
address since netbios packets are often broadcasts, and since I am on a
cable modem network, I am seeing the traffic coming from several networks
with 24-bit masks, but seem to be either bridged onto my segment, or from
misconfigured end workstations.

thanks - cjm

________________________
Lunar Media Incorporated
what a wicked web we weave
http://www.lunarmedia.net
1 . 8 0 0 . 2 5 2 . 8 2 2 1  
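
An added example, not part of the original post: a small parser for ipchains "Packet log:" lines that reports each logged packet's source port, the rule number from the trailing "(#N)" field that more recent kernels append, and whether the packet would satisfy the port 137/138 rules quoted above. It assumes $UNPRIV is 1024:65535 (the post does not show its value); the log lines, interface name and rule number are constructed.

```python
import re

# Assumption: $UNPRIV is the conventional unprivileged range; the post never shows it.
UNPRIV = (1024, 65535)
NETBIOS_PORTS = {137, 138}   # the destination ports in the post's four DENY rules
TCP, UDP = 6, 17             # IP protocol numbers as printed after PROTO=

# "Packet log: chain target iface PROTO=n src:sport dst:dport ... (#rule)"
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
    r".*?(?:\(#(?P<rule>\d+)\))?$"
)

def parse(line):
    """Return the logged packet's fields as a dict, or None if the line is not a packet log."""
    m = LOG_RE.search(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        pkt[key] = int(pkt[key]) if pkt[key] is not None else None
    return pkt

def matches_netbios_rule(pkt, sport_range=UNPRIV):
    """An ipchains rule matches only if protocol, source port AND destination port all match."""
    lo, hi = sport_range
    return (pkt["proto"] in (TCP, UDP)
            and pkt["dport"] in NETBIOS_PORTS
            and lo <= pkt["sport"] <= hi)

def triage(lines):
    """Per packet log line: (source port, dest port, logging rule number, hit by 137/138 rules?)."""
    out = []
    for pkt in filter(None, map(parse, lines)):
        out.append((pkt["sport"], pkt["dport"], pkt["rule"], matches_netbios_rule(pkt)))
    return out

# Constructed sample lines (addresses, interface name and rule number are made up).
SAMPLE_LOG = [
    "Jan 10 12:00:01 host kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.10:137 192.0.2.255:137 L=78 S=0x00 I=4660 F=0x0000 T=128 (#9)",
    "Jan 10 12:00:02 host kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.11:138 192.0.2.255:138 L=229 S=0x00 I=4661 F=0x0000 T=128 (#9)",
    "Jan 10 12:00:03 host kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.12:3345 192.0.2.20:23 L=44 S=0x00 I=4662 F=0x4000 T=60 (#9)",
    "Jan 10 12:00:04 host syslogd: restart",
]

if __name__ == "__main__":
    for sport, dport, rule, hit in triage(SAMPLE_LOG):
        print(f"sport={sport} dport={dport} logged by rule #{rule} matches 137/138 rules: {hit}")
```

Run against the real lines from /var/log/messages, the source-port column shows directly whether the logged packets fall inside the range the four DENY rules require.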

