such as implementing a "state tracker" which is the real security in the combination NAT is used in . NAT is merely rewritting addresses, and the state tracker keeps track of connections made so it can remember who's related to an local host going out and not letting external hosts in without a relation to an internal host's connection.
]]>Do you have real native IPv6 connectivity?. if so then putting a filter in might be a good idea.
Yes, I have native IPv6. What kind of filter are you referring to?
]]>If not.. then you can't really be reached over IPv6 so no problem.
Also putting interfaces =
can be problematic should you ever re-number your network or change IP of the host.
interfaces = 10.5.5.99
bind interfaces only = Yes
Kind of a no brainer...
]]>tcp6 0 0 :::445 :::* LISTEN 17588/smbd
tcp6 0 0 :::139 :::* LISTEN 17588/smbd
I don't want samba to listen on the global ipv6 address since there is no NAT in ivp6 (I'm assuming this will make smbd visible to the internet). I tried setting the ipv4 subnet in hosts allow in smbd.conf, but it doesn't affect ipv6.
How do I disable ipv6 from samba, or make it listen only on the link local address?