From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 23 Jul 2011 10:19:29 +0000 (+0100)
Subject: jem.m4: Remove SMB for untrusted hosts.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/f3f390bc6f8cbb9426cebe4578ceda9224805c7e

jem.m4: Remove SMB for untrusted hosts.

Leave that as a job for artist.
---

diff --git a/jem.m4 b/jem.m4
index 78574f1..26f1398 100644
--- a/jem.m4
+++ b/jem.m4
@@ -65,15 +65,5 @@ for p in tcp udp; do
 	  -p $p --destination-port $port_dns
 done
 
-## Allow smb and nmb to untrusted hosts.  This is a bit experimental.
-run iptables -A inbound -j ACCEPT \
-	-s 172.29.198.0/24 \
-	-p udp -m multiport --destination-ports \
-		$port_netbios_ns,$port_netbios_dgm
-run iptables -A inbound -j ACCEPT \
-	-s 172.29.198.0/24 \
-	-p tcp -m multiport --destination-ports \
-		$port_netbios_ssn,$port_microsoft_ds
-
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------