+## Allow smb and nmb to untrusted hosts. This is a bit experimental.
+run iptables -A inbound -j ACCEPT \
+ -s 172.29.198.0/24 \
+ -p udp -m multiport --destination-ports \
+ $port_netbios_ns,$port_netbios_dgm
+run iptables -A inbound -j ACCEPT \
+ -s 172.29.198.0/24 \
+ -p tcp -m multiport --destination-ports \
+ $port_netbios_ssn,$port_microsoft_ds
+