Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 2720 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

netbios rules

namina
I' ve got a problem with my netbios rules. I dropped port 137,138 udp/tcp, but in the LiveLogfile it shows me those ports. What's wrong?


This thread was automatically locked due to age.
  • 0
    Hi namina,

    I assume that you want to get rid of the broadcasts
    in the Livelog.
    Define the broadcast addresses:

    e.g.
    local-broadcast 192.168.10.255 255.255.255.255
    world-broadcast 255.255.255.255 255.255.255.255

    put them into a network group broadcast 

    Now define a packet filter like

    ANY ANY {broadcast} DROP

    That's it!

    Regards
    o|iver
  • 0 in reply to oliver.desch
    I did it like you told, but it still does not work.
    My logfile say: Source-IP-Adress  129.187.179.176 Source-Port 138 Dest.IP-Adress 129.187.179.255 Dest. Port 138 Protokoll UDP.
    I've defined a rule which drops netbios: Any {netbios} Any Drop. In netbios-groupe is included netbios-dgm tcp/udp 138 138. So why isn't it droped?
  • 0 in reply to namina
    I find it by myself. I first have to allow this rule, then drop it. Now its not any longer in my logfile.
  • 0 in reply to namina
    I don't think you want to allow it.

    If that dest IP is one of the interfaces in your firewall, or a broadcast address (looks like yours is) you may have to make another rule to drop that traffic specifically.