MikeMc
01-23-2003, 11:59 AM
# Drop NetBIOS traffic (137 name service, 138 datagram, 139 session) passing through the box
iptables -A FORWARD -p TCP --dport 137:139 -j DROP
iptables -A FORWARD -p UDP --dport 137:139 -j DROP
Hi, are these rules OK for blocking attacks on ports 137:139?
Thank you
XTStrike
01-23-2003, 01:16 PM
I didn't think those ports really mattered on a NIX box; only Windows has to protect those ports, IMHO.
MikeMc
01-23-2003, 02:23 PM
Yes, I agree, but since my portsentry goes crazy from all those alerts and system resources are precious, I would like to block them completely. That's why I'm looking for iptables rules for blocking ports 137->139.
RutRow
01-23-2003, 02:52 PM
You will want to use INPUT instead of FORWARD, unless you have 2 NICs and are FORWARDING packets.
RutRow
01-23-2003, 02:54 PM
Originally posted by XTStrike
I didn't think those ports really mattered on a NIX box; only Windows has to protect those ports, IMHO.
What about samba?
MikeMc
01-23-2003, 07:27 PM
Originally posted by RutRow
You will want to use INPUT instead of FORWARD, unless you have 2 NICs and are FORWARDING packets.
Thank you.
And yes, RutRow is right about Samba being involved, although not in my case.
If anyone else has any other suggestions, I would really appreciate it, since I found some more rules about blocking traffic related to this issue (ports 137:139, NetBIOS attacks, etc.) and I'm not absolutely sure about them. If someone could tell me what he uses on his system, I'd appreciate it. Thank you.
RutRow
01-23-2003, 08:21 PM
I would suggest using iptables to DROP all incoming traffic except on the ports you need open. This would negate your need for portsentry. Don't attempt this unless you are sure of your rulesets; otherwise you could find yourself locked out of your own box. I've been there and done that. Now I keep a nice little rule-flushing script ready in cron, just in case I make a fatal mistake. ;)
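Putting RutRow's two points together (INPUT rather than FORWARD for a single-NIC host, and a default-DROP policy with a flush script kept ready as a lockout safety net), here is an added example; it is not code posted in this thread. The allowed port list, the five-minute delay and the use of `at` in place of cron to fire the flush script are assumptions. Under a default-DROP INPUT policy the explicit 137:139 rules no longer block anything extra; they are kept only so NetBIOS broadcast chatter never reaches a LOG rule you might append below them.

```shell
#!/bin/sh
# Added example (not from the thread): default-DROP INPUT policy for a
# single-NIC host, with a scheduled rollback so a mistake cannot lock you out.
# Assumptions: only SSH (22) needs to be reachable from outside, and `at`
# is installed and used instead of cron to run the flush script.

ALLOW_TCP="22"        # inbound TCP ports to keep open (assumption)
ROLLBACK_MIN=5        # minutes until the rollback fires unless cancelled

# Emit the ruleset as text so it can be reviewed before it is applied.
# $1 = space-separated list of inbound TCP ports to allow.
build_ruleset() {
    cat <<'EOF'
iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    for port in $1; do
        echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Redundant under a DROP policy, but keeps NetBIOS chatter out of any
    # LOG rule added after them. INPUT, not FORWARD: this host is the target.
    echo "iptables -A INPUT -p udp --dport 137:139 -j DROP"
    echo "iptables -A INPUT -p tcp --dport 137:139 -j DROP"
}

# Emit the emergency flush script: reopen INPUT so you can log back in.
rollback_script() {
    cat <<'EOF'
#!/bin/sh
iptables -P INPUT ACCEPT
iptables -F INPUT
EOF
}

# Schedule the rollback FIRST, then apply the rules. If you can still log
# in afterwards, cancel the pending job (atq / atrm) and persist the rules.
apply_with_rollback() {
    script=$(mktemp) || return 1
    rollback_script > "$script"
    chmod 700 "$script"
    echo "sh $script" | at now + "$2" minutes || return 1
    build_ruleset "$1" | sh
}

case "${1:-}" in
    --show)  build_ruleset "$ALLOW_TCP" ;;
    --apply) apply_with_rollback "$ALLOW_TCP" "$ROLLBACK_MIN" ;;
esac
```

Run it with `--show` to inspect the generated rules, and as root with `--apply` to load them; the order in `apply_with_rollback` is the important part, since the rollback is queued before the DROP policy takes effect.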