On Fri, 18 Mar 2005 10:44:21 -0600, Doug Coats <dcoats@xxxxxxxxxxxxxxxx> wrote:
> Sorry for not being more exact.
>
> The computer(A) that I want to print from is a Win98 machine. It is hooked
> up to a FC2 box that acts as a file server/router. The computer (B) with
> the printer is on another subnet. Currently(with no IPTables rules for
> restriction) the
> computer A can print and has access to all network resources that any other
> computer on the network has access to.
>
> I want to restrict, in IPTables, so that computer A can print on computer B
> but can only file share and print.
>

Then you don't want computer A to even have access to the internet, the only network connectivity it will have is to do file and printer sharing. I would include the three rules that I showed you earlier.

If you want to be more precise, and only allow computer A to print and share files with computer B, but no other computers, then change the rules a little.

Rule 1: ALLOW traffic from computer A with destination of computer B and with destination ports of 137:139
Rule 2: ALLOW traffic from computer A with destination of computer B and with destination ports of 445
Rule 3: DENY or REJECT all other traffic from computer A with ANY destination
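
The three rules above written out as iptables commands, as an added example that is not part of the original message. The addresses, the use of the FORWARD chain (the FC2 box routes between the two subnets), and applying ports 137:139 to both TCP and UDP and port 445 to TCP are assumptions.

```shell
#!/bin/sh
# Added example: print the iptables commands for the three rules in the
# message above so they can be reviewed before being applied as root.
# Assumptions (not in the original message): FORWARD chain, the protocol
# choice per port, and the sample addresses used when calling gen_rules.

# Accept only a dotted-quad IPv4 address, so nothing else ends up in a rule.
is_ipv4() {
    case $1 in *[!0-9.]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules A_IP B_IP
# The ACCEPT rules are emitted before the REJECT rule: -A appends, and the
# first matching rule decides what happens to a packet.
gen_rules() {
    a=$1; b=$2
    is_ipv4 "$a" && is_ipv4 "$b" || {
        echo "usage: gen_rules A_IP B_IP" >&2
        return 2
    }
    cat <<EOF
iptables -A FORWARD -s $a -d $b -p tcp --dport 137:139 -j ACCEPT
iptables -A FORWARD -s $a -d $b -p udp --dport 137:139 -j ACCEPT
iptables -A FORWARD -s $a -d $b -p tcp --dport 445 -j ACCEPT
iptables -A FORWARD -s $a -j REJECT
EOF
}

# When run with two addresses, print the rules for review.
if [ "$#" -eq 2 ]; then
    gen_rules "$1" "$2"
fi
```

Rules 1 and 2 cover only traffic routed through the FC2 box to computer B; traffic from computer A addressed to the FC2 box itself traverses the INPUT chain and is not covered by this example.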