how to block port 139 using iptables
 

Hi, I am using samba server on ip 192.168.0.88. Now i want to block all ips other than 192.168.0.7 and 192.168.0.10. I tried in these ways.
But i am able to access from other ips also.
When i used this rule
I am able to access samba share from any ip. What is this it? What to i do now? I dont want through tcp wrappers. It has to happen by iptables.

Most likely you have a rule above those which is sending the packets to ACCEPT.

Change the append (-A) to an insert (-I) and try again. If it works, then it confirms the above.

Rather than doing it that way, accept traffic from that IP to 139 and drop everything else. Assuming you have a default policy of drop, or some other catch-all at the end of the chain, you shouldn't need to specifically drop any thing, so

These are two rules above.
The same rules are in other system and i used for port number 22 which is working fine.

The way you were trying to do it couldn't work anyway: you've already dropped 192.168.0.10

Haha, word! Nice catch! :)

You should really let us see the whole picture by posting the complete output of:

Hmmm, okay. Well, considering that there are no non-loopback terminating rules, then I would say that your problem is caused by what billymayday pointed out. This would mean that with the rules in your original post, you WOULD be able connect from 192.168.0.7, but NOT from 192.168.0.10. My suggestion would be to follow billymayday's advice and change your policy to DROP, making ACCEPT rules only for packets you want to allow. I do, however, understand that can take some time to properly implement when you aren't familiar with iptables (depending on how much stuff you actually need to allow), so a temporary fix for you could be to do this (instead of what you were doing in the OP):

This did not work out. Yes i am not much familiar with iptables. I am just newbie. I am scared to use default policy to DROP. Because when i used at my home PC the whole GUI stopped working, all icons are disabled, terminal did not opened and only mouse pointer was moving. And even my PC was not booted. Again i went to single user mode and flushed all rules. These are rules in other system and working fine.

Post the "iptables -nvL INPUT" output you have after implementing the rules.

I don't see why it wouldn't work - it's the same approach you have on the box which you report works fine.

This was the out put.

This looks fine to me. TCP packets coming into port 139 will only get sent to ACCEPT if they have a source address of 192.168.0.7 or 192.168.0.10. I suggest you check the method you are using to test this (make sure you are really using one of those two IPs when testing), but if any packets from those two IPs are getting sent to DROP by that last rule, then it should be easy to spot by sticking a LOG rule on top of it, like:

Hi there

Try and block both UDP and TCP packets on the samba port 139

iptables -A INPUT -i eth0 -p udp etc etc.

Yeah, that would explain why other IPs were still getting to the daemon. I went to the Samba page and found this. So in order to do this properly (or at least the way the Samba people recommend on that link) you'd wanna use something like this:Or alternatively, create a new chain in order to streamline the process a bit, like:

Hi win32sux,
Wow this worked pretty well. Thank youuuuu........