Ох-ох-ох :)
bind interfaces only (G)
This global parameter allows the Samba admin to
limit what interfaces on a machine will serve SMB
requests. If affects file service smbd(8) and name
service nmbd(8) in slightly different ways.
For name service it causes nmbd to bind to ports
137 and 138 on the interfaces listed in the inter-
faces parameter. nmbd also binds to the "all
addresses" interface (0.0.0.0) on ports 137 and 138
for the purposes of reading broadcast messages. If
this option is not set then nmbd will service name
requests on all of these sockets. If bind inter-
faces only is set then nmbd will check the source
address of any packets coming in on the broadcast
sockets and discard any that don't match the broad-
cast addresses of the interfaces in the interfaces
parameter list. As unicast packets are received on
the other sockets it allows nmbd to refuse to serve
names to machines that send packets that arrive
through any interfaces not listed in the interfaces
list. IP Source address spoofing does defeat this
simple check, however so it must not be used seri-
ously as a security feature for nmbd.
