Thank you for the information.
Reading the text on Samba, we find that insanity is engaged by default, as if a few people from inside Samba wanted to destroy it from the inside. LOL!
"By default Samba will accept connections from any host, which means that if you run an insecure version of Samba on a host that is directly connected to the Internet you can be especially vulnerable."
Ref:
https://www.samba.org/samba/docs/server_security.html
[Meh: and there should be a comma between: "default" and "Samba" .]
I did try restricting with almost those lines, and I wasn't sure if I had chosen my ranges too tightly, or if the network here is a little strange. There, apparently are versions of Samba on some distros compiled with non-functioning allow/restrict options.
Even with all of Microsoft's bewildering security blunders [COUGH! registry, filemanager/webrowser lookalike, allowing DRM rootkits COUGH!] ...anyway, to their credit, from the networking user interface, they at least tried to differentiate the local network from the Internet UI-wise.
It would have been my hope that if Samba truly emulated Windows networking, they would not security-wise put the user out there on a busy inner-city streetcorner, on a hot summer night, with $20-bills taped to its otherwise naked body.