I have samba set up locally for my windows nerd offspring as my linux box has the printer. Like any network noob I hacked files until I eliminated the errors and forgot it. /var/log is filling up with files samba.<IP> e.g samba.59.105.86.10 (which whois tells me is in China). Each one records denial of service (Connection refused). Can someone please tell me. I am set up for local network access only (I think) and I am on a small isp in Ireland.

1. How do they know I'm running samba?
2. What firewall ports do I block?
3. What config file magic have I got wrong?

1. They don't know your running it, they are probably just probing your machine using something like nmap.

2. Block these ports 139 and 445

3. its a firewall issue, not a configuration issue, because you want the people on your lan to have access to your shares

Thank you kindly jimbo1708.

I was expecting to get my butt kicked for leaving the door open. It will make me careful running a server!