> I tried various ipfwadm commands that many persons tried to help me with.
> None of them escaped syntax errors. Therefore, from `ipfwadm -h` I deduced
> the following command:
>
> ipfwadm -F -I quark -a deny -P udp -S 204.178.40.0/21 -D 204.178.47.0/21 137:139
> ipfwadm: setsockopt failed: Invalid argument
>
> Do I need new tools?
Not unless your ipfwadm -h reports a version older than 2.3.0. The -F and
"quark" don't make any sense in that command, tho. Try it like this:
ipfwadm -I -a deny -P udp -S 204.178.40.0/21 -D 204.178.47.0/21 137 138
I know I told you earlier to use 137:139, but 139 is TCP only, so instead,
add a second rule like this:
ipfwadm -I -a deny -P tcp -S 204.178.40.0/21 -D 204.178.47.0/21 137:139
Note that this specifically blocks NetBIOS. As Alan suggested, you prolly
want to tcpdump the segment to determine which ports are actually being
used by M$. They could be something other than NetBIOS (I made an
assumption). You may also want to investigate the other options for
ipfwadm, including -y which could be useful for the TCP rule.
-bp
-- B. James Phillippe Seattle Software Labs, Inc Network Administrator Phone: (206) 521-8346 NIC Handle: BJP4 Fax: (206) 521-8340 http://w3.terran.org/~bryan http://www.sealabs.com