Hey, I have a simple iptables question. Let's say I have a firewall and I'm trying to configure an iptables script so that it will block Samba traffic from a Win7 machine to a CentOS machine, but only one way (Linux can access the share on the Win7 machine). Would the iptables rules look like this?
firewall (198.162.0.30) (198.162.1.30)
win7 ( 198.162.0.40 ) linux (198.162.0.10)
from firewall -> iptables -A FORWARD -j REJECT -s 198.162.0.40 -d 198.162.0.10 -p tcp --dport 445
iptables -A FORWARD -j REJECT -s 198.162.0.40 -d 198.162.0.10 -p udp --dport 445
That's what I did and it didn't seem to work. Anyone have any idea why?
simple iptables question
Re: simple iptables question
You're using the forwarding chain, which is for routing (not inbound/outbound connections). Simply drop the packets coming in (INPUT chain) from the IP address of the Windows machine on the port(s) required.
Now don't forget that (by default) iptables is symmetric.
Re: simple iptables question
Three devices ("firewall", "win7" and "linux") in subnet 198.162.0/24?
You want the "linux" to ignore the "win7"?
For one, the "firewall" is in no way involved when the "linux" and the "win7" talk to each other.
Any barricade must be built in the "linux" or/and the "win7".
The "linux" has a samba server?
* If there is not, then the "linux" will not respond to any samba traffic.
* If there is, then the samba server in "linux" can deny access for client "win7".
That has no effect on linux being a samba client.
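Putting the two replies above together as an added example (this is not code from the thread or from any of the posters): the rules go in the INPUT chain of the "linux" host, not the FORWARD chain of the "firewall", because 198.162.0.40 and 198.162.0.10 share one subnet and the firewall never sees their packets. The Win7 address is the one from the question; the extra ports (139/tcp, 137-138/udp for NetBIOS, in addition to the 445 the poster used), the conntrack rule that keeps the return traffic of the Linux host's own client connections to Win7 working, the `on_link` check and the use of `iptables-restore --noflush` are my assumptions, not something the thread states.

```shell
#!/bin/sh
# Added example: one-way SMB/CIFS block on the Linux host itself.
# Win7 (client we want to refuse) -> Linux: rejected in INPUT.
# Linux (acting as client) -> Win7 share: untouched; replies come back to an
# ephemeral port, never to 445/139, and the conntrack rule admits them even
# if the INPUT policy is DROP.
set -eu

WIN7=198.162.0.40   # address from the thread

# Print the INPUT rules in iptables-restore syntax so they can be reviewed
# before anything is applied. Ports beyond 445 are an assumption.
smb_block_rules() {
    cat <<EOF
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1 -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset
-A INPUT -s $1 -p udp -m multiport --dports 137,138 -j REJECT
EOF
}

# Returns 0 when the peer is reached directly (no "via" gateway), i.e. the
# firewall is not in the path and its FORWARD chain cannot influence the
# traffic; 1 when a gateway is used; 2 when there is no route at all.
on_link() {
    route=$(ip route get "$1" 2>/dev/null | head -n 1) || return 2
    [ -n "$route" ] || return 2
    case "$route" in
        *" via "*) return 1 ;;
        *)         return 0 ;;
    esac
}

# Append the rules to the filter table without flushing existing ones.
apply_rules() {
    {
        echo '*filter'
        smb_block_rules "$1"
        echo 'COMMIT'
    } | iptables-restore --noflush
}

case "${1:-}" in
    --apply)
        if on_link "$WIN7"; then
            echo "$WIN7 is on-link: filtering must happen on this host, applying INPUT rules" >&2
        else
            echo "warning: $WIN7 is not directly reachable; check the routing before relying on INPUT rules" >&2
        fi
        apply_rules "$WIN7"
        ;;
    *)
        # Dry run: show what would be loaded.
        smb_block_rules "$WIN7"
        ;;
esac
```

Run it without arguments to see the rule set, and with `--apply` (as root) to load it; `iptables -L INPUT -n -v` afterwards shows the rules and their packet counters, which is the quickest way to confirm the Win7 connection attempts are actually hitting them.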
Re: simple iptables question
I read that as "I want to drop all M$ traffic (CIFS is not the only thing Windows does) from the Windows machine to the Linux machine (regardless of any listeners), but only in the direction originating from the Windows machine". Well, maybe I'm wrong....