Re: Firewalling

B. James Phillippe (bryan@Terran.ORG)
Thu, 24 Jul 1997 20:56:27 -0700 (PDT)

On Thu, 24 Jul 1997, Richard B. Johnson wrote:

> I tried various ipfwadm commands that many persons tried to help me with.
> None of them escaped syntax errors. Therefore, from `ipfwadm -h` I deduced
> the following command:
> ipfwadm -F -I quark -a deny -P udp -S -D 137:139
> ipfwadm: setsockopt failed: Invalid argument
> Do I need new tools?

Not unless your ipfwadm -h reports a version older than 2.3.0. The -F and
"quark" don't make any sense in that command, tho. Try it like this:

ipfwadm -I -a deny -P udp -S -D 137 138

I know I told you earlier to use 137:139, but 139 is TCP only, so instead,
add a second rule like this:

ipfwadm -I -a deny -P tcp -S -D 137:139

Note that this specifically blocks NetBIOS. As Alan suggested, you prolly
want to tcpdump the segment to determine which ports are actually being
used by M$. They could be something other than NetBIOS (I made an
assumption). You may also want to investigate the other options for
ipfwadm, including -y which could be useful for the TCP rule.


B. James Phillippe                              Seattle Software Labs, Inc
Network Administrator                           Phone: (206) 521-8346
NIC Handle: BJP4                                Fax: (206) 521-8340