-   Linux - Networking (
-   -   banning IP addresses in samba (

HedAche 07-01-2004 11:56 AM

banning IP addresses in samba
Hi all,

I run Mandrake 10.0 in a building where 99% of users run some version of Windows. Every couple of days the printer attached to my machine starts printing meaningless garbage (!!) consisting of a seemingly random selection of symbols across the top few lines of each page. The user connecting to my machine isn't supposed to be - he's in a completely different office etc - and I want to be able to prevent his machine from connecting to mine and running these print jobs. When i do ps -aux the relevant entry is as follows:

root 3117 0.1 0.3 3072 816 ? S 16:40 0:01 parallel:/dev/lp0 23 jonck smbprn.00000028 Remote Downlevel Document 1 /var/spool/cups/d00023-001

I also know the guys IP address from the samba log file - is it possible to prevent just this machine from connecting with this info?

Many thanks in advance.

david_ross 07-01-2004 12:40 PM

Welcome to LQ.

You can do it in smb.conf with "hosts deny" - ie:
hosts deny = somepc

or by IP:
hosts deny =

For more details see:
man smb.conf

You may also want to contact the person in question. It sounds like they have the BugBear virus.

ppuru 07-01-2004 10:33 PM

Alternative to david ross' suggestion

you can control the same using tcp wrappers. edit /etc/hosts.deny

smbd: <IPs you don't want to give access to>

You won't have to reload samba each time you add an ip to the banned list.

HedAche 07-02-2004 02:40 AM

David - many thanks; I was going to contact the person who keeps connecting but he is about 85 and barely knows what a PC is (i work in an academic dept. where we have lots of yoda-types like him) - as you say it may well be BugBear; we have been hit v hard by a gamult of viruses doing a variety of things to pcs - this is one fo the reasons i am now using linux at work and trying hard to convince the IT guys to do the same (they're not the most switched on dudes in the world...)

david_ross 07-02-2004 04:01 PM

If you do contact him then there is a good removal tool available with instructions from symantec:

I'm 99% sure that it will be bugbear.

All times are GMT -5. The time now is 07:21 PM.