I’ve been trying for some time, without success, to block the Netbios ports to the Internet, as this is a security risk. Towards the Intranet (Internal Subnets) the ports should of course remain open. How can I configure this?
first, you should NOT expose UCS directly to the Internet. If you need services (which?) use a VPN instead!
However, you can limit Samba4 to use specified network adapters with the command
ucr. These are the related variables which will control the behaviour of Samba4:
interfaces/primary: ens192 samba/interfaces/bindonly: yes samba/interfaces: lo <interfaces/primary> samba/register/exclude/interfaces: docker0
But there will be much more ports open by default which you do not want to expose to the Internet. Again, use VPN and/or DMZ.
I have used UCS to host my Kopano server. I just needed a quick replacement for the old Exchange Server
If I can’t use it in the DMZ the UCS server is useless for me. In that case I will set up a suse system for it.
In any case thanks for the fast help.