deny broadcast on ..*.255

**raphi078** · 10-09-2007

hi all

I use fwbuilder to create my iptables-rule-set on my debian box. Now, in my network, there are more machines with windows installed, and they send a lot of broadcast-messages to e.g. 10.0.0.255 to port 137-139. Now, my problem is, I don't want to deny all to 10.0.0.255 and above ports, because sometime I'm in any other networks (=other netaddresses, eg 192.168.1.*) but also with windows-machines.

Is there any way to define something like 0.0.0.255/0.0.0.255 rule? this one don't work.

Thanks for any ideas...
raphael

**RobinVossen** · 10-10-2007

Well, I havnt learned myself how to set rules for iptables with commandline.
But with the webmin module its Quite easy to set no Trafic at
*.*.*.255
Maybe you should look into it.
HOpe that helped.

**Lazydog** · 10-10-2007

Well if you are never going to use Samba then you could just block those ports.

**bitstreamer** · 10-10-2007

raphi078,

Lazydog is right, if your not using this linux box as a gateway, and all traffic is sourced from the local box then....

--A RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp --dport 135:139 -j DROP

Bitstreamer

**Lazydog** · 10-12-2007

Originally Posted by bitstreamer

raphi078,

Lazydog is right, if your not using this linux box as a gateway, and all traffic is sourced from the local box then....

--A RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp --dport 135:139 -j DROP

Bitstreamer

Be careful with what you post. Not everyone uses RH.

In fact I find it stupid that RH does their firewall this way. Guess it's a RH thing.

**bitstreamer** · 10-12-2007

Lazydog,

I'm not using Redhat, I'm using CentOS.

Seriously, my bad! Hope he got the point though.

Bitstreamer

**Lazydog** · 10-14-2007

Cool, a fellow CentOS user!!

Thread Tools

Display