Banning IPs from SMB?

Discussion in 'OS X' started by yg17, Apr 27, 2005.

  1. macrumors G5


    Aug 1, 2004
    St. Louis, MO
    I'm on a college network, and everyone connects to everyone elses computer to download stuff. Well, uh, I have some, umm, legal files shared, no illegal piracy going on here. Problem is, there are a few leeches on the network who download like 10 gigs of legal files and don't share anything in return. So, instead of allowing them to do this which then slows down my computer, I want to ban them :D I can use smbstatus to see who's downloading, use tcpdump to get their IP, but how would I go about banning them from connecting via SMB to my shared files? Thanks
  2. macrumors 68030


    Jun 25, 2001
    Moneyapolis, Minnesota
    ha ha ha... yeah... maybe your stuff is legal, but the stuff they upload isn't legal... nice try at covering yourself :D

    Sorry, but I don't know if you can do what you want or not.
  3. macrumors 6502a

    Apr 19, 2005
    i'm not sure of a specific thing in samba that will do this and a quick google search unveils nothing interesting, maybe my google-fu sucks tonight. You could add the IP to /etc/hosts.deny... at least that's in linux... might be something similiar ... xinetd has this ability as well
  4. macrumors 603


    Oct 16, 2003
    Firewall settings ... shouldn't be too complicated, but I have never done it, so I'm not really sure.
  5. macrumors 603


    Oct 16, 2003
    I have tested the /etc/hosts.deny approach, it is used by tcpd and man tcdp says:

    "The tcpd program can be set up to monitor incoming requests for telnet,
    finger, ftp, exec, rsh, rlogin, tftp, talk, comsat and other services
    that have a one-to-one mapping onto executable files.

    I wastn't able to make it work for apple file sharing, but it seems to work with smb and ssh.

    What you do is quite simple. The hosts.allow and hosts.deny files doesn't exist by default, but the tcpd service will start working as soon as both files are created. Open a terminal:

    Create an empty allow file
    sudo touch /etc/hosts.allow

    Create and edit the deny file
    sudo pico /etc/hosts.deny

    This will start the simple editor pico that will let you edit and save the file. For each IP that you wish to block, enter a line like this:

    The ALL: means to block all services for that ip.

    That's it, the "offender" should now be blocked.
  6. Moderator emeritus


    Oct 21, 2003
    Portland, OR
    Learn to use ipfw from the command line, or use BrickHouse/SunShield to control it. But your line should look like this:

    deny all from to any in

    Where is the IP of the offending party.


    Check out /etc/smb.conf, the smb.conf man page, and the "host deny" section.
  7. macrumors 601

    Westside guy

    Oct 15, 2003
    The soggy part of the Pacific NW
    You can do all sorts of interesting things with Samba. Go to and read the documentation for smb.conf.

Share This Page