block windows file sharing traffic between networks Post: 302578849

8 More Discussions You Might Find Interesting

1. Windows & DOS: Issues & Discussions

Windows Server 2003 file sharing with UNIX

We have a Windows Server 2003 box and I'd like to share a drive with a Sun Solaris box so that the Sun Solaris box can copy files to/from the Windows Server 2003. I believe that Windows Services for UNIX 3.5 will allow me to do this, can anyone comfirm this ? Also, any links on how to...

2. Linux

Please help me, about the file sharing with windows system

Did anybody can teach me how to set the premission in the samba server? How to i set the premission in one folder but two access right. With one folder but the user access rights is diffirent. One user can full access the folder, and another one user only read only. thx for helping...

3. Solaris

Windows/Solaris data sharing

Hi all, I have a request from Developer team in my compagny, they would like to be able to share data between unix and windows world. 1. We would like to be able to see Unix data from Windows : ?Samba ? 2 We would like to be able to see windows data from Solaris (Mount point) : ?NFS server...

4. HP-UX

mount windows file sharing on hp-ux

Hi all, Can anyone teach me how to mount windows file sharing on hp-ux thanks

5. Solaris

Problem in File/Dir sharing between a windows and solaris

Hi , We are trying to share a particular directory between solaris running from VMware installed on Win7 box] and windows box. We tried the SWAT utility of samba, and made all possible changes for sharing. We committed the changes and we were clueless what need to be done further.. referred...

6. Solaris

SMB + Windows sharing

Hi guys I need to create one directory on my Solaris 11 box and then share that directory on my LAN. I have only one disk of 500 GB which is more than enough for my needs. I read SMB guide for Solaris and there is no guide how to achive share only on one directory, it has only tutorials for...

7. UNIX for Advanced & Expert Users

Enterprise level Solaris&Windows file sharing

"Samba," I know, I know. However, I am a gov't worker and Samba is off the table. Does anyone have a recommendation for an off the shelf, secure solution? I've already suggested rsync and NFS services for Windows Server and got shot down.

8. Solaris

Sharing to Windows

hiiii, recently we installed samba in solaris 11 machine. and create filesystem and mounted it. we want to mount the same file system in another windows machine through samba. How share that file system to windows and how to mount in windows .

LEARN ABOUT DEBIAN

shorewall-blacklist

SHOREWALL-BLACKLIST(5)						  [FIXME: manual]					    SHOREWALL-BLACKLIST(5)

NAME

       blacklist - Shorewall Blacklist file

SYNOPSIS

       /etc/shorewall/blacklist

DESCRIPTION

       The blacklist file is used to perform static blacklisting. You can blacklist by source address (IP or MAC), or by application.

       The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in
       the alternate specification syntax).

       ADDRESS/SUBNET (networks) - {-|~mac-address|ip-address|address-range|+ipset}
	   Host address, network address, MAC address, IP address range (if your kernel and iptables contain iprange match support) or ipset name
	   prefaced by "+" (if your kernel supports ipset match). Exclusion (shorewall-exclusion[1](5)) is supported.

	   MAC addresses must be prefixed with "~" and use "-" as a separator.

	   Example: ~00-A0-C9-15-39-78

	   A dash ("-") in this column means that any source address will match. This is useful if you want to blacklist a particular application
	   using entries in the PROTOCOL and PORTS columns.

       PROTOCOL (proto) - {-|[!]protocol-number|[!]protocol-name}
	   Optional - If specified, must be a protocol number or a protocol name from protocols(5).

       PORTS - {-|[!]port-name-or-number[,port-name-or-number]...}
	   Optional - may only be specified if the protocol is TCP (6) or UDP (17). A comma-separated list of destination port numbers or service
	   names from services(5).

       OPTIONS - {-|{dst|src|whitelist|audit}[,...]}
	   Optional - added in 4.4.12. If specified, indicates whether traffic from ADDRESS/SUBNET (src) or traffic to ADDRESS/SUBNET (dst) should
	   be blacklisted. The default is src. If the ADDRESS/SUBNET column is empty, then this column has no effect on the generated rule.

	       Note
	       In Shorewall 4.4.12, the keywords from and to were used in place of src and dst respectively. Blacklisting was still restricted to
	       traffic arriving on an interface that has the 'blacklist' option set. So to block traffic from your local network to an internet
	       host, you had to specify blacklist on your internal interface in shorewall-interfaces[2] (5).

	       Note
	       Beginning with Shorewall 4.4.13, entries are applied based on the blacklist setting in shorewall-zones[3](5):

		1. 'blacklist' in the OPTIONS or IN_OPTIONS column. Traffic from this zone is passed against the entries in this file that have
		   the src option (specified or defaulted).

		2. 'blacklist' in the OPTIONS or OUT_OPTIONS column. Traffic to this zone is passed against the entries in this file that have the
		   dst option.
	   In Shorewall 4.4.20, the whitelist option was added. When whitelist is specified, packets/connections that match the entry are not
	   matched against the remaining entries in the file.

	   The audit option was also added in 4.4.20 and causes packets matching the entry to be audited. The audit option may not be specified in
	   whitelist entries and require AUDIT_TARGET support in the kernel and iptables.

EXAMPLE

       Example 1:
	   To block DNS queries from address 192.0.2.126:

		       #ADDRESS/SUBNET	       PROTOCOL        PORT
		       192.0.2.126	       udp	       53

       Example 2:
	   To block some of the nuisance applications:

		       #ADDRESS/SUBNET	       PROTOCOL        PORT
		       -		       udp	       1024:1033,1434
		       -		       tcp	       57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898

FILES

       /etc/shorewall/blacklist

SEE ALSO

       http://shorewall.net/blacklisting_support.htm

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
       shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5),
       shorewall-zones(5)

NOTES

	1. shorewall-exclusion
	   http://www.shorewall.net/manpages/shorewall-exclusion.html

	2. shorewall-interfaces
	   http://www.shorewall.net/manpages/shorewall-interfaces.html

	3. shorewall-zones
	   http://www.shorewall.net/manpages/shorewall-zones.html

[FIXME: source] 						    06/28/2012						    SHOREWALL-BLACKLIST(5)