P8 - How to Block File Types in TrueNAS SMB Shares
🚀 TrueNAS P8 – How to Block File Types in TrueNAS SMB Shares (Using Veto Files)
Managing shared storage securely is a critical task for any system administrator. In this guide, you'll learn how to block file types in TrueNAS SMB shares using the Veto Files option.
If you want to restrict dangerous or unwanted file types like:
.exe
.bat
.ps1
.zip
.rar
.mp4
Cache files
Hidden system files
This step-by-step tutorial will help you configure everything properly.
By applying Veto Files rules, you can:
✅ Improve SMB share security
✅ Prevent malware or script uploads
✅ Reduce storage clutter
✅ Protect your NAS from risky file types
This method works reliably on both TrueNAS CORE and TrueNAS SCALE.
🧠 Understanding Veto Files in TrueNAS
Before configuring, it’s important to understand how Veto Files works.
🔹 Blacklist Mechanism Only
TrueNAS uses veto files as a blacklist system.
❌ There is NO whitelist (“allow”) mode
✅ You can only block file patterns
🛠 You must update the veto list when new file types need blocking
This means if you want to block additional formats later, you must manually update the configuration.
⚙️ Step 1: SSH into TrueNAS and Identify SMB Share ID
To block file types, we need the internal ID of the SMB share (dataset).
SSH into TrueNAS and run:
This command will return a JSON output listing all SMB shares and their IDs.
Locate the ID of the dataset you want to configure.
For example:
You will use this ID in the next step.
🔒 Step 2: Configure Veto Files Rule
Using the ID obtained above (example: 2), apply the veto configuration:
🔍 Important Notes
Each pattern inside veto files is separated by /
Pattern matching is similar to Linux path matching
If you need multiple sub-configuration lines, use \n inside the JSON string
Simply add new file extensions if you want to block more formats
Example format:
🗑 What Does delete veto files = yes Do?
If enabled:
The file will be automatically deleted
Even if a user manages to upload it using tricks or alternate methods
This adds an additional layer of protection to your SMB environment.
⚠ If set to no, the file will be blocked but not automatically removed.
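The pattern rules from the notes above, worked through as an added example (not code from the original guide): it builds the veto files value with / separators, JSON-encodes the two-line setting so the line break becomes \n, and checks file names against the list. The auxsmbconf field name, case-insensitive matching on the file name, and the sample names are assumptions made for this example.

```python
import fnmatch
import json

# Constructed sample data: the extensions this guide lists, plus test file names.
PATTERNS = ["*.exe", "*.bat", "*.ps1", "*.zip", "*.rar", "*.mp4"]
SAMPLE_NAMES = ["Setup.EXE", "deploy.ps1", "backup.zip", "report.exe.txt", "notes.docx"]

def build_veto_value(patterns):
    """Join patterns into the /pat1/pat2/ form, rejecting entries that would break it."""
    cleaned = []
    for pattern in patterns:
        pattern = pattern.strip()
        if not pattern or "/" in pattern or "\n" in pattern:
            raise ValueError(f"invalid veto pattern: {pattern!r}")
        cleaned.append(pattern)
    return "/" + "/".join(cleaned) + "/"

def build_payload(patterns, delete_vetoed=True, field="auxsmbconf"):
    """Return JSON text for the share update; json.dumps writes the line break as \\n."""
    # The field name is an assumption: confirm it against the JSON output from Step 1.
    lines = ["veto files = " + build_veto_value(patterns)]
    if delete_vetoed:
        lines.append("delete veto files = yes")
    return json.dumps({field: "\n".join(lines)})

def parse_veto_value(value):
    """Split an existing veto files value into patterns; the outer slashes are required."""
    if len(value) < 2 or not (value.startswith("/") and value.endswith("/")):
        raise ValueError("veto files value must start and end with /")
    return [p for p in value[1:-1].split("/") if p]

def is_vetoed(filename, patterns):
    """Match the file name only, ignoring case (fnmatch approximates Samba's * and ?)."""
    name = filename.lower()
    return any(fnmatch.fnmatchcase(name, p.lower()) for p in patterns)

def coverage(names, patterns):
    """Map each name to True (blocked by the list) or False (would be stored)."""
    return {name: is_vetoed(name, patterns) for name in names}

if __name__ == "__main__":
    print(build_payload(PATTERNS))
    for name, blocked in coverage(SAMPLE_NAMES, PATTERNS).items():
        print(f"{'BLOCK' if blocked else 'allow':5}  {name}")
```

Because matching is on the file name only, a name such as report.exe.txt falls outside the list; run the coverage check against the names you expect to see before relying on the rule.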
🔄 Step 3: Restart SMB Service
After applying the configuration, restart the SMB service:
Enter the root user password when prompted.
This ensures the new veto rules are applied immediately.
🧪 Testing the Configuration
Now log in from a Windows SMB client and test:
Upload a .ps1 file
Upload a .exe file
Upload a .zip file
If configured correctly:
The file will not appear in the share
Or it will be automatically removed (if delete option enabled)
This confirms that you have successfully blocked file types in TrueNAS.
🛡 Why Blocking File Types is Important
In real-world environments, users may accidentally upload:
Malware executables
Unauthorized scripts
Large media files
Archive files containing unknown content
Blocking these file types helps:
Maintain storage hygiene
Enforce company policies
Reduce ransomware risks
Improve compliance
For small businesses and home labs, this is a lightweight but powerful security layer.
🏢 Recommended Best Practices
When using Veto Files in production:
Block executable and script formats (.exe, .ps1, .bat, .dll)
Block unnecessary media formats if storage is limited
Review veto list quarterly
Document changes in configuration
Test after every modification
Remember: this is a blacklist mechanism. If new file formats become a risk, you must manually update the rule.
🔎 Troubleshooting
If file blocking does not work:
✔ Confirm correct SMB ID
✔ Ensure JSON formatting is correct
✔ Verify use of / between patterns
✔ Restart SMB service
✔ Check for typos in file extensions
Most issues occur due to incorrect JSON escaping or missing / separators.
🎯 Final Result
After completing this setup:
Restricted file types cannot be stored in SMB shares
Storage remains clean and organized
Risky uploads are prevented
NAS environment is more secure
Using Veto Files is one of the simplest yet most effective ways to block file types in TrueNAS.
This configuration is ideal for:
IT administrators
Small business environments
Home labs
Domain-integrated SMB shares
📌 Conclusion
Configuring Veto Files is a powerful method to control file behavior in SMB shares. By implementing this guide, you ensure your TrueNAS environment remains:
🔐 Secure
📁 Organized
⚡ Efficient
🛡 Protected
If you want to build a clean, secure, and optimized SMB infrastructure, blocking unwanted file types is an essential step.