[Firehol-support] Prevent routing of Microsoft Networking
Daniel L. Miller
dmiller at amfes.com
Tue Nov 15 02:29:33 GMT 2005
I'm trying to prevent my Samba servers and Windoze clients from
advertising on the Internet. Some of the netbios services are being
processed fine, others are giving me errors during firehol compilation.
At the moment, I get the following:
foxy:/var/log/ulog# firehol try
--------------------------------------------------------------------------------
ERROR : # 1.
WHAT : A runtime command failed to execute (returned error 1).
SOURCE : line 85 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_lan2x_netbios_ns_s4 -p udp
--sport 1024:65535 --dport 137 -m state --state NEW\,ESTABLISHED -j
REJECT --reject-with tcp-reset
OUTPUT :
iptables: Invalid argument
--------------------------------------------------------------------------------
ERROR : # 2.
WHAT : A runtime command failed to execute (returned error 1).
SOURCE : line 85 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_lan2x_netbios_ns_s4 -p udp
--sport 137 --dport 1024:65535 -m state --state ESTABLISHED -j REJECT
--reject-with tcp-reset
OUTPUT :
iptables: Invalid argument
--------------------------------------------------------------------------------
ERROR : # 3.
WHAT : A runtime command failed to execute (returned error 1).
SOURCE : line 85 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_lan2x_netbios_ns_s4 -p udp
--sport 137 --dport 137 -m state --state NEW\,ESTABLISHED -j REJECT
--reject-with tcp-reset
OUTPUT :
iptables: Invalid argument
--------------------------------------------------------------------------------
ERROR : # 4.
WHAT : A runtime command failed to execute (returned error 1).
SOURCE : line 85 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_lan2x_netbios_ns_s4 -p udp
--sport 137 --dport 137 -m state --state ESTABLISHED -j REJECT
--reject-with tcp-reset
OUTPUT :
iptables: Invalid argument
--------------------------------------------------------------------------------
ERROR : # 5.
WHAT : A runtime command failed to execute (returned error 1).
SOURCE : line 85 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_lan2x_netbios_dgm_s5 -p udp
--sport 1024:65535 --dport 138 -m state --state NEW\,ESTABLISHED -j
REJECT --reject-with tcp-reset
OUTPUT :
iptables: Invalid argument
--------------------------------------------------------------------------------
ERROR : # 6.
WHAT : A runtime command failed to execute (returned error 1).
SOURCE : line 85 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_lan2x_netbios_dgm_s5 -p udp
--sport 138 --dport 1024:65535 -m state --state ESTABLISHED -j REJECT
--reject-with tcp-reset
OUTPUT :
iptables: Invalid argument
--------------------------------------------------------------------------------
ERROR : # 7.
WHAT : A runtime command failed to execute (returned error 1).
SOURCE : line 85 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_lan2x_netbios_dgm_s5 -p udp
--sport 138 --dport 138 -m state --state NEW\,ESTABLISHED -j REJECT
--reject-with tcp-reset
OUTPUT :
iptables: Invalid argument
--------------------------------------------------------------------------------
ERROR : # 8.
WHAT : A runtime command failed to execute (returned error 1).
SOURCE : line 85 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_lan2x_netbios_dgm_s5 -p udp
--sport 138 --dport 138 -m state --state ESTABLISHED -j REJECT
--reject-with tcp-reset
OUTPUT :
iptables: Invalid argument
Stopped: Couldn't activate new firewall.
FireHOL: Restoring old firewall: OK
The area generating this is:
router lan2x inface "${LAN_IF}" outface "${EXT_X_IF}" src "${LAN_LAN}" dst not "${UNROUTABLE_IPS}"
    route "microsoft_ds netbios_ssn rdp" reject with tcp-reset
    route "netbios_ns netbios_dgm" reject with tcp-reset
    route all accept log "lan2x"
--
Daniel
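
Every failing command in the report above is a `-p udp` rule carrying `--reject-with tcp-reset`, and iptables accepts that reject type only in rules that match TCP. The check below is an added example, not part of the original post or of FireHOL: it rejoins the wrapped COMMAND lines of such a report and lists the rules with that mismatch. The sample report is constructed, and the TCP chain name in it is made up for contrast.

```python
import shlex

# Constructed sample in the shape of the FireHOL report above. The first entry
# copies a failing rule; the second (TCP, chain name made up) is for contrast.
SAMPLE = """\
COMMAND : /sbin/iptables -t filter -A in_lan2x_netbios_ns_s4 -p udp
--sport 1024:65535 --dport 137 -m state --state NEW\\,ESTABLISHED -j
REJECT --reject-with tcp-reset
OUTPUT :
iptables: Invalid argument
COMMAND : /sbin/iptables -t filter -A in_example_tcp_s1 -p tcp
--sport 1024:65535 --dport 445 -m state --state NEW\\,ESTABLISHED -j
REJECT --reject-with tcp-reset
OUTPUT :
"""

def commands(report):
    """Yield each COMMAND entry with its wrapped continuation lines rejoined."""
    current = []
    # The trailing sentinel flushes an entry that has no OUTPUT line after it.
    for line in report.splitlines() + ["OUTPUT"]:
        if line.startswith(("COMMAND :", "OUTPUT")):
            if current:
                yield " ".join(current)
            is_cmd = line.startswith("COMMAND")
            current = [line.split(":", 1)[1].strip()] if is_cmd else []
        elif current:
            current.append(line.strip())

def option(argv, *names):
    """Return the argument following the first of `names` in argv, else None."""
    for i, tok in enumerate(argv[:-1]):
        if tok in names:
            return argv[i + 1]
    return None

def tcp_reset_on_non_tcp(report):
    """List (chain, protocol) for rules that request a TCP RST on non-TCP traffic."""
    hits = []
    for cmd in commands(report):
        argv = shlex.split(cmd)  # also turns NEW\,ESTABLISHED into NEW,ESTABLISHED
        proto = option(argv, "-p", "--protocol")
        if option(argv, "--reject-with") == "tcp-reset" and proto not in ("tcp", "6"):
            hits.append((option(argv, "-A", "--append"), proto))
    return hits
```
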