I have found how to block bonjour broadcasting, but I am wondering if there is a way to block NetBios and other Windows broadcasting so users can’t see all the computers on the network.

Does this do it? I have to admit I am a Mac user so I am unsure. Of course change accept to either reject or drop.

Allow Windows CIFS and netbios between computers in the same department using a tag

accept
dport 139 or dport 445
and ipprotocol tcp
and tdiff department 0 # difference between department tags is 0, meaning they match
;

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.