be a little more liberal about throwing away MS traffic

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf
index c63c8ea7d936307e636161e77b184c4abf4260b8..b5448b07a718827e7a004c2a89687054734678a9 100644 (file)
--- a/modules/ferm/files/ferm.conf
+++ b/modules/ferm/files/ferm.conf
@@ -54,8 +54,7 @@ domain (ip ip6) {
 
 domain (ip ip6) {
         chain INPUT {
-                proto udp dport 137 DROP;
-                proto tcp mod multiport destination-ports (137 445) DROP;
+                proto (tcp udp) mod multiport destination-ports (135 137 138 139 445 1026 1027 1433) DROP;
                 jump log_or_drop;
         }
 }