Blocking netbios through firewall?

[wjbell]

This is my first post here so I hope it's in the right place...

I have a firewall set up with ipchains on my Linux machine. I have it all set up and working with a default policy to deny everything then I only let certain things through. I have been seeing entries in my logs for netbioes, ports 137 and 139. Some are coming from my own ISP. Is there any reason I should let netbios requests through? Right now it's blocked and there doesn't seem to be any problems but if there's a reason I would want netbios to come through, please let me know. I'm new to firewalls and what to allow through.

TIA [sig][/sig]

 

[AndyBo]

It's probably a lot safer if you disable Netbios traffic. It gives the bad guys one less thing to bother you with, and there's no real reason to be offering Netbios services to the general Internet.

For future reference, there are a couple of Linux forums that you might be interested in: &quot;Linux (server)&quot; and &quot;Linux (client/desktop&quot;. There's also a &quot;General security discussion&quot;. You can register for these using the search box at the top left hand corner of the page. Just search for &quot;Linux&quot; or &quot;security&quot; and click on the links to register. [sig]<p> Andy Bold<br><a href=mailto: > </a><br><a href= > </a><br>"I've probably made most of the mistakes already, so hopefully you won't have to..." Me, most days.[/sig]

 

[ElgisRamon]

Yup... probably some curious user in your ISP's side of the Internet is trying to find little holes in your firewall.... then never open these ports!

You're doing it very well... continue [sig][/sig]

 

[wjbell]

Ok, thanks guys. I was thinking maybe my ISP needed that port open for somthing to do with my connection.

I'll check out the other forums mentioned also.. [sig][/sig]