Reply: Re: [suse-security] IPTables ... Logging
Ok,
so thanks for all your answers ... it's working now ...
... but today something strange happened ...
the host tried to make a connection to an unknown IP on port 137 ( UDP ) ... why that ? ... usually Port 137 ( UDP ) is :
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp # NETBIOS Name Service
... here the log-entry :
Nov 28 12:26:22 linux-box kernel: OPEN: 192.168.10.60 -> 213.6.48.154 UDP, port:137 -> 137
... anybody an idea ??? should I deny any connections from host to internet on this port ???
Kind regards
Bruno Leonhardt
CLP Domino R5 System Administrator
AnalyTek Systemhaus
Hospitalstr. 2a
D-65589 Hadamar
Tel.: 06433/81403-15 Fax : 06433/81403-40
Hi,
as someone else already suggested: RTFM (read the fu**ing manual). This is not an arrogant statement but totally normal advice - it's been this way since the early days of the internet (as I remember it). You really need to read about networking, protocols and services if you are serious about firewalls and security in general. Without a basic knowledge it will be very frustrating to try and get things working.
To answer your question: it is a good idea to block netbios traffic (137-139 TCP and UDP) trying to access anything else but your local LAN.
Erwin
--- BLeonhardt@analytek.de wrote:
Ok,
so thanks for all your answers ... it's working now ...
... but today something strange happened ...
the host tried to make a connection to an unknown IP on port 137 ( UDP ) ... why that ? ... usually Port 137 ( UDP ) is :
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp # NETBIOS Name Service
... here the log-entry :
Nov 28 12:26:22 linux-box kernel: OPEN: 192.168.10.60 -> 213.6.48.154 UDP, port:137 -> 137
... anybody an idea ??? should I deny any connections from host to internet on this port ???
Kind regards
Bruno Leonhardt
CLP Domino R5 System Administrator
AnalyTek Systemhaus Hospitalstr. 2a
D-65589 Hadamar
Tel.: 06433/81403-15 Fax : 06433/81403-40
-- Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91
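The advice in the reply above, keeping NetBIOS (137-139 TCP and UDP) from reaching anything but the local LAN, written out as iptables rules. This is an added example, not part of either post; the LAN range 192.168.10.0/24 (the log only shows the host 192.168.10.60), the chain name NBT_EGRESS and the log prefix are assumptions.

```shell
#!/bin/sh
# Added example: keep NetBIOS (137-139 TCP and UDP) inside the local LAN.
# Assumed names: chain NBT_EGRESS, log prefix "NBT-EGRESS: ", LAN 192.168.10.0/24.
# Usage:   netbios_egress_rules <lan-cidr> <chain> [<chain> ...]
# Dry run: IPT="echo iptables" prints the commands instead of running them.

netbios_egress_rules() {
    [ "$#" -ge 2 ] || return 2
    lan="$1"; shift
    case "$lan" in
        */*) ;;                 # expect CIDR notation, e.g. 192.168.10.0/24
        *)   return 2 ;;
    esac
    ipt="${IPT:-iptables}"

    # One user-defined chain that logs (rate limited, so a chatty host
    # cannot flood syslog) and then drops.
    $ipt -N NBT_EGRESS || return 1
    $ipt -A NBT_EGRESS -m limit --limit 6/min -j LOG --log-prefix "NBT-EGRESS: " || return 1
    $ipt -A NBT_EGRESS -j DROP || return 1

    # Insert the jumps at position 1 so they match before any broader ACCEPT
    # rule already present in the chain.
    for chain in "$@"; do
        for proto in tcp udp; do
            $ipt -I "$chain" 1 -p "$proto" ! -d "$lan" --dport 137:139 \
                -j NBT_EGRESS || return 1
        done
    done
}

# On the firewall ("linux-box" in the log), for traffic it routes:
#   netbios_egress_rules 192.168.10.0/24 FORWARD
```

Passing OUTPUT as a further chain covers the firewall's own traffic, but it also drops NetBIOS sent to the limited broadcast address 255.255.255.255, which lies outside the LAN range.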