On 13 Jul 2003 21:43:26 +0100, Richard Bown <richard.bown@blueyonder.co.uk> wrote:
> Hi
>
> As I have a policy of fw to net of accept, can I block outgoing netbios
> and ipp(cups) broadcast from localhost, i.e. fw
> with rules
> fw net tcp !137:139,!631
> fw net udp !137:139,!631
Yes but I have no idea what the above two lines are supposed to represent.
>
> or would it be better to change the policy to DROP fw to net and try to
> open all the outgoing ports as required.
Depends on how well you know your fw->net traffic. If you don't know it
well, it is probably better to have specific DROP rules for traffic that
you know that you want to block.
> That may be difficult as they tend to be a bit dynamic.
> I spotted the broadcasts going out, when traffic on the cable modem was
> light.
> As the broadcast was initiated on this machine any reply would go
> straight thru the firewall.
I haven't a clue what you just said. But if you are implying that replies
to fw->net broadcasts will be automatically accepted, you are wrong.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
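A concrete form of the "specific DROP rules" Tom suggests, as an added example that is not part of the thread. It assumes the Shorewall rules-file column layout ACTION SOURCE DEST PROTO DEST PORT(S) and the fw/net zone names used above; the port numbers are the NetBIOS (137-139) and IPP (631) ports from the original question.

```text
# /etc/shorewall/policy  (the existing permissive policy is left as it is)
#SOURCE  DEST  POLICY
fw       net   ACCEPT

# /etc/shorewall/rules  (rules are matched before the policy is consulted,
# so these two entries drop NetBIOS and IPP leaving fw while all other
# fw->net traffic is still accepted by the policy above)
#ACTION  SOURCE  DEST  PROTO  DEST PORT(S)
DROP     fw      net   udp    137:139,631
DROP     fw      net   tcp    137:139,631
```

Run `shorewall check` before `shorewall restart` to catch syntax errors in the edited files.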