[OpenIndiana-discuss] binding CIFS to a specific interface?
Jim Klimov
jimklimov at cos.ru
Tue Jul 23 14:08:55 UTC 2013
On 2013-07-23 16:00, Carl Brewer wrote:
>
>
> I haven't had any luck googling for this, except for using IPF.
>
> Is it possible to bind OI (151a8) CIFS to one interface - I have a
> server which sits on an Internet link and my LAN with two ethernet
> interfaces and I only want CIFS to listen on the LAN interface.
>
> Possible? (I know I can block it with IPF, but that's not the best way,
> IMO). Best way to do it?
Well, in general security, it is best to know what you permit.
Allow certain protocols on certain interfaces, and block the rest
by default (you can allow all from LAN ;) in this model, too).
If your server is also doing NAT for LAN systems to go to internet,
permissive rules for returning packets are added by IPF dynamically
for the duration of the NAT session.
More information about the OpenIndiana-discuss
mailing list