
[cobalt-security] Why does PortSentry continue to log ports 137 and 138 even though I've told it not to?



Can anyone help?

I recently installed the UK2net firewall as a test to see if it would work
on my Raq 3 (I'm not with UK2Net but the configuration of the firewall
seemed fairly easy to adapt). Prior to this I had Portsentry and Logcheck
running fine. Since installing the firewall and it seeming to work, I have
been repeatedly swamped with logs relating to ports 137 and 138 from
machines on the local network. Even if I turn the firewall off (as it is
now) the logs keep coming through, e.g.:

May  1 15:01:20 kernel: Packet log: input DENY eth0 PROTO=17 195.224.212.76:137 195.224.212.255:137 L=78 S=0x00 I=45852 F=0x0000 T=64 (#27)
May  1 15:01:38 kernel: Packet log: input DENY eth0 PROTO=17 195.224.15.27:137 195.224.15.255:137 L=78 S=0x00 I=25559 F=0x0000 T=128 (#45)

I've seen this "problem" discussed a number of times judging by the amount
of posts I've read, but none of the solutions work.

I'm using Portsentry in advanced stealth mode using IPchains which worked
fine prior to the firewall script. I've tried "ignoring" ports 137 and 138
in the portsentry.conf file (a common solution), after stopping the program,
and then starting back up again, but it continues to do it. I've tried
clearing out the portsentry blocked files and etc/hosts.deny file etc.

Before anyone asks, I've been through a couple of hundred posts on
Google\Deja\Cobalt list Archives. Would re-installing portsentry work or
could it have something to do with IPchains?

Any pointers as to what to do next? I thought these "new" log entries were as
a result of the firewall but disabling it does not have an effect!

Thanks for any help - these logs are crippling me!

Dan
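
Added example (not part of the original post): the kernel "Packet log" entries quoted above are in the ipchains logging format, where the trailing (#N) is the number of the rule in the named chain that matched. This Python script parses such lines and counts hits per chain, rule, protocol and destination port, which shows which rule is producing the log volume; the field names are labels chosen here.

```python
import re
from collections import Counter

# The two log entries quoted in the post, each joined onto one line.
SAMPLE = [
    "May  1 15:01:20 kernel: Packet log: input DENY eth0 PROTO=17 "
    "195.224.212.76:137 195.224.212.255:137 L=78 S=0x00 I=45852 F=0x0000 T=64 (#27)",
    "May  1 15:01:38 kernel: Packet log: input DENY eth0 PROTO=17 "
    "195.224.15.27:137 195.224.15.255:137 L=78 S=0x00 I=25559 F=0x0000 T=128 (#45)",
]

# ipchains log layout: chain, action, interface, protocol number, src:port,
# dst:port, L=length, S=TOS, I=IP id, F=fragment field, T=TTL, then optional
# extras (e.g. SYN on TCP) and the matching rule number as (#N).
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?:.*\(#(?P<rule>\d+)\))?"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule")


def parse_line(line):
    """Return a dict of fields for an ipchains packet-log line, else None."""
    m = PACKET_LOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        if rec[key] is not None:  # rule number is absent on older kernels
            rec[key] = int(rec[key])
    return rec


def summarize(lines):
    """Count log entries per (chain, rule number, protocol, destination port)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["chain"], rec["rule"], rec["proto"], rec["dport"])] += 1
    return counts


if __name__ == "__main__":
    for (chain, rule, proto, dport), hits in summarize(SAMPLE).most_common():
        print(f"chain={chain} rule=#{rule} proto={proto} dport={dport} hits={hits}")
```
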