Well, so far it's not been a problem, although I keep a close watch on suspicious activity. (You'll notice entries for hosts allow and hosts deny. So far that seems to be pretty effective, although I do notice twits trying to access and being denied):
hosts allow = 192.168.3.0/255.255.255.224 192.168.2.0/255.255.255.0
128.119.216.0/255.255.255.0 216.175.212.192/255.255.255.240
hosts deny = all # <- no other machines can access
Perhaps you could suggest conf options that allows [incoming] connections, but don't broadcast availability (i.e. is 'invicible' to all but people that know that that machine is a smb server). As I said, I'm not samba expert! (BTW, my wife accesses the system from her computer at UMass)
On Monday, May 7, 2001 11:01 AM, Keller, Tim <Tim.Keller(a)stratus.com> wrote:
>Hey I was looking at the sample smb.conf file (and I've set up a bunch of
>samba servers as well) and I saw something odd (well odd for
>me)
>
>-- start cut --
># Configure Samba to use multiple interfaces
># If you have multiple network interfaces then you must list them
># here. See the man page for details.
>interfaces = 192.168.3.1 24.91.122.146
>-- end cut --
>
>>From a home network point of view, why would you want samba to bind to your
>external (24.xx...) address? Maybe I'm doing something wrong?
>
>I personally add rules to my firewall to block outgoing and incoming SMB
>traffic to the outside world. SMB as a protocol goes (if you could call it
>that) tends to tell the world more then one would want...
>
>Tim.
--
Peter Gutowski <peter(a)linuxchamps.com> // tel.: (413) 587-3957
"When in company, put not your hands to any part of the body not usually discovered." --George Washington, _Rules for Civility and Decent Behavior_
