    Netgate Discussion Forum
    How to block Windows Share broadcasting? 137, 139, 445 block

    Firewalling
    ulflun:

      Hello everyone!

      I am trying to block SMB & Windows Sharing broadcasting. As of now the clients turn up under "Devices" in the Finder Network view / network devices list, which I don't want.

      I can't figure out why my Firewall Block Rule is not working on a pfSense 2.0.3 and I can't see anything in my System Log about this.

      I have my clients on a VLAN, called VLAN10.

      I've tried different block rules:

      Source: VLAN10 subnet (also tried VLAN10 address) to Destination: VLAN10 Any, subnet, address (tried them all) for the following ports:

      netbios-ns - 137/tcp # NETBIOS Name Service
      netbios-dgm - 138/tcp # NETBIOS Datagram Service
      netbios-ssn - 139/tcp # NETBIOS session service
      microsoft-ds - 445/tcp # if you are using Active Directory

      Port 389 (TCP) - for LDAP (Active Directory Mode)
      Port 445 (TCP) - NetBIOS was moved to 445 after 2000 and beyond, (CIFS)
      Port 901 (TCP) - for SWAT service (not related to client communication)

      And they still turn up! argh. What am I doing wrong?!

      EDIT: I've put these rules above my allow any to any traffic rule, so they should work, right?

      Thank you in advance.

      ulflun:

        I guess I can't block traffic between hosts on the same network, since it never reaches the router/firewall: the hosts can talk directly to each other without having to forward the traffic to the gateway…? Except with client isolation on the access points.

        Harvy66:

          Yes, the firewall can only block data that goes through the firewall. Broadcast data only goes through the firewall in the case of the firewall bridging two networks, and even then, it can only block the broadcasts from reaching the other network.

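          To make Harvy66's point concrete, the PowerShell below is an added example (not code from the thread, from pfSense or from Netgate). It models VLAN10 as 10.0.10.0/24 with pfSense at 10.0.10.1 and broadcast 10.0.10.255 (constructed values), and classifies each NetBIOS/SMB flow by whether a rule on the pfSense VLAN10 interface could ever be evaluated against it: a unicast packet to a peer on the same prefix is switched directly and never enters pfSense, while a broadcast does reach the firewall's own interface (so a logged rule can match it) but every other host on the VLAN already has a copy. It also records the services with their real transports: the NetBIOS name service (137) and datagram service (138) run over UDP, so rules written as 137/tcp and 138/tcp would not match them even for traffic that did pass the firewall.

```powershell
# Added example: which NetBIOS/SMB flows does a router-based firewall ever see?
# VLAN10 = 10.0.10.0/24, pfSense = 10.0.10.1, broadcast = 10.0.10.255 (constructed).

function ConvertTo-IPv4Int {
    param([string]$Address)
    # Network-order octets -> integer; [long] keeps the arithmetic unsigned-safe.
    $b = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    return [long]$b[0] * 16777216 + [long]$b[1] * 65536 + [long]$b[2] * 256 + [long]$b[3]
}

function Test-OnLink {
    # True when both addresses share the prefix: the frame is switched directly
    # (ARP + unicast), so the gateway and its firewall are not in the path.
    param([string]$Source, [string]$Destination, [int]$PrefixLength)
    $mask = ([long]0xFFFFFFFF -shl (32 - $PrefixLength)) -band [long]0xFFFFFFFF
    return ((ConvertTo-IPv4Int $Source) -band $mask) -eq ((ConvertTo-IPv4Int $Destination) -band $mask)
}

# The services as they run on the wire; only 139 and 445 are TCP.
$SmbServices = @(
    @{ Name = 'netbios-ns';   Proto = 'udp'; Port = 137 },
    @{ Name = 'netbios-dgm';  Proto = 'udp'; Port = 138 },
    @{ Name = 'netbios-ssn';  Proto = 'tcp'; Port = 139 },
    @{ Name = 'microsoft-ds'; Proto = 'tcp'; Port = 445 }
)

function Get-FirewallVisibility {
    param([string]$Source, [string]$Destination, [int]$PrefixLength,
          [string]$Gateway, [string]$Broadcast)
    if ($Destination -eq $Gateway)   { return 'enters pfSense: addressed to the firewall itself' }
    if ($Destination -eq $Broadcast) { return 'broadcast: pfSense gets a copy, but so does every other host on the VLAN' }
    if (Test-OnLink $Source $Destination $PrefixLength) { return 'L2 direct: never enters pfSense, no rule can match' }
    return 'routed via gateway: VLAN10 interface rules are evaluated'
}

# Even when traffic does pass the firewall, a TCP-only rule set misses the UDP services.
function Get-UncoveredServices {
    param([hashtable[]]$Rules)   # each rule: @{ Proto = 'tcp'|'udp'; Port = <int> }
    $SmbServices | Where-Object {
        $svc = $_
        -not ($Rules | Where-Object { $_.Proto -eq $svc.Proto -and $_.Port -eq $svc.Port })
    }
}

$Vlan10 = @{ Prefix = 24; Gateway = '10.0.10.1'; Broadcast = '10.0.10.255' }
$Flows = @(
    @{ Src = '10.0.10.20'; Dst = '10.0.10.255'; Svc = 'netbios-ns' },   # name query broadcast
    @{ Src = '10.0.10.20'; Dst = '10.0.10.25';  Svc = 'microsoft-ds' }, # SMB session to a peer
    @{ Src = '10.0.10.20'; Dst = '10.0.20.5';   Svc = 'microsoft-ds' }  # SMB to another VLAN
)
foreach ($f in $Flows) {
    $svc = $SmbServices | Where-Object Name -eq $f.Svc
    $path = Get-FirewallVisibility -Source $f.Src -Destination $f.Dst -PrefixLength $Vlan10.Prefix `
                                   -Gateway $Vlan10.Gateway -Broadcast $Vlan10.Broadcast
    '{0} -> {1} {2}/{3}: {4}' -f $f.Src, $f.Dst, $svc.Proto, $svc.Port, $path
}

# The thread's rules were written as 137/tcp, 138/tcp, 139/tcp, 445/tcp.
$TcpOnlyRules = 137, 138, 139, 445 | ForEach-Object { @{ Proto = 'tcp'; Port = $_ } }
Get-UncoveredServices $TcpOnlyRules |
    ForEach-Object { 'not matched by a TCP-only rule: {0} {1}/{2}' -f $_.Name, $_.Proto, $_.Port }
```

          Only the third flow (to another VLAN) produces a routed packet that the VLAN10 interface rules are evaluated against; the SMB session to a same-subnet peer is delivered at layer 2, which is why the block rules never log anything. The last loop lists netbios-ns 137/udp and netbios-dgm 138/udp as uncovered.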
          Derelict (Netgate):

            If you want to block traffic between hosts on the same subnet, you want Layer 2 isolation.

            Cisco: "Private VLAN Edge" and protected ports
            Brocade: Set the port on the switch going to the router as an "uplink" port
            D-Link, TRENDnet, etc: "Asymmetric VLAN" you can play some VLAN games with asymmetric VLANs to get the same traffic behavior.

            Any single switch supporting true "Private VLANs" will also work.  Private VLAN trunking requires all trunked devices (other switches, Access points, etc) to support Private VLANs.

            n3by:

              I know it is an old topic, but it is good to know that if you want to disable NetBIOS on the LAN you can do that easily on every Windows computer: open the Internet Protocol Version properties, and on the WINS tab select "Disable NetBIOS over TCP/IP".

              The full article can be found here:
              http://geekflare.com/os/netbios-disable-windows-8

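              The same WINS-tab setting can be applied to every adapter at once from an elevated PowerShell prompt. The script below is an added example, not from the thread or the linked article; it uses the Win32_NetworkAdapterConfiguration CIM class (Get-CimInstance/Invoke-CimMethod, available on Windows 8 / Server 2012 and later) and its SetTcpipNetbios method, whose TcpipNetbiosOptions argument is 0 (take the setting from DHCP), 1 (enable) or 2 (disable), and which returns 0 on success or 1 when a reboot is still required.

```powershell
# Added example: disable NetBIOS over TCP/IP on all IP-enabled adapters
# and verify the change. Run elevated.

$DisableNetbios = 2   # TcpipNetbiosOptions: 0 = from DHCP, 1 = enable, 2 = disable

$adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $adapters) {
    $result = Invoke-CimMethod -InputObject $nic -MethodName SetTcpipNetbios `
                               -Arguments @{ TcpipNetbiosOptions = $DisableNetbios }
    switch ($result.ReturnValue) {
        0       { '{0}: NetBIOS over TCP/IP disabled' -f $nic.Description }
        1       { '{0}: disabled, reboot required' -f $nic.Description }
        default { '{0}: SetTcpipNetbios failed with code {1}' -f $nic.Description, $result.ReturnValue }
    }
}

# The setting is stored per adapter; 2 means disabled.
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, IPAddress, TcpipNetbiosOptions

# Once the change is active, NetBT no longer listens on 137/udp for those adapters.
Get-NetUDPEndpoint -LocalPort 137 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort
```

              Value 2 overrides whatever the DHCP server advertises, so the change survives lease renewals; value 0 would hand control back to the DHCP-supplied NetBIOS option. Note that this only stops the NetBIOS services on 137-139; SMB itself keeps listening on 445/tcp, and, as the earlier replies explain, same-subnet traffic to it still never passes the firewall.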
© 2021 Rubicon Communications, LLC