configuring suse firewall to block outgoing SMB?

Sometimes I VPN to work, and my windows machines are hardwired to talk to
the WINS servers at work. When not connected via VPN, they still
try to send updates to the company WINS server, and these are leaking out
my SuSEFirewall2 machine.

I'd like to configure the firewall to block all outgoing packets on the public
interface directed to ports 135:139, without blocking traffic from the
firewall to the internal interface -- it has its own SMB exports and
needs to publish its own data locally.

Any ideas how to do this? I am an iptables n00b.

thanks,

-dB

David Brower wrote:

> Sometimes I VPN to work, and my windows machines are hardwired to talk to
> the WINS servers at work. When not connected via VPN, they still
> try to send updates to the company WINS server, and these are leaking out
> my SuSEFirewall2 machine.
>
> I'd like to configure the firewall to block all outgoing packets on the
> public interface directed to ports 135:139, without blocking traffic from
> the firewall to the internal interface -- it has its own SMB exports and
> needs to publish its own data locally.
>
> Any ideas how to do this? I am an iptables n00b.
>
> thanks,
>
> -dB

To block OUTGOING SMB? Two ways:
1) Uninstall Samba (this would fix the problem the easiest way possible)
2) as root: "iptables -A OUTPUT -p tcp --sport 137:139 -j DROP"
"iptables -A OUTPUT -p udp --sport 137:139 -j DROP"

--
Science is what happens when preconception meets verification.