Re: What I HATE about F11

On Sun, 2009-06-14 at 15:11 -0400, Chuck Anderson wrote:
> On Sun, Jun 14, 2009 at 10:45:09AM -0400, Simo Sorce wrote:
> > > >       * Samba (outbound) browsing requires firewall mods
> > > I don't know how Samba works, so forgive me if I say obvious stupidity,
> > > but shouldn't *client* work even behind closed firewall (like with any
> > > other services like ssh, ftp, ...)? Isn't this a samba bug then?
> > 
> > Samba as a client needs to listen for Netbios packets replies (UDP) to
> > do browsing, so since F-10 (yes this is not something new in F-11) the
> > firewall has strict rules and there is a "samba client" specific rule.
> 
> ...which is broken in that it is too permissive, and in that it isn't 
> enabled by default.  We need to fix it so it only uses the conntrack 
> module but doesn't open inbound ports, and also enable it in the 
> default install.

Conntrack is useless; you need to listen to unsolicited traffic.
Also, some old MS OSes always reply to port 137 even if the client source
port is higher; conntrack would fail here too.

> https://bugzilla.redhat.com/show_bug.cgi?id=469884

If it were up to me I'd close this as NOTABUG/INVALID/WONTFIX.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
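
Added example, not part of the original message or of any project's code: a simplified Python model of generic UDP connection tracking that classifies the kinds of inbound NetBIOS packets discussed in the reply above. The class and function names, the sample addresses and the high source ports are constructed, and the model assumes no conntrack helper module is loaded and that the name query is sent to the subnet broadcast address.

```python
from typing import NamedTuple

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class UdpConntrack:
    """Simplified model (assumption: generic UDP tracking, no helper module).
    An inbound packet is ESTABLISHED only if it exactly mirrors an outbound one."""

    def __init__(self):
        self.reply_tuples = set()

    def outbound(self, pkt: Pkt) -> None:
        # Remember the tuple a reply has to carry: addresses and ports swapped.
        self.reply_tuples.add(Pkt(pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def state(self, pkt: Pkt) -> str:
        return "ESTABLISHED" if pkt in self.reply_tuples else "NEW"

# Constructed sample addresses (documentation range), not taken from the thread.
CLIENT, SERVER, BCAST = "192.0.2.10", "192.0.2.20", "192.0.2.255"

def classify_samples() -> dict:
    ct = UdpConntrack()
    ct.outbound(Pkt(CLIENT, 40000, BCAST, 137))   # broadcast name query
    ct.outbound(Pkt(CLIENT, 40001, SERVER, 137))  # unicast name query
    inbound = {
        # Answer to the broadcast comes from the host's own address.
        "reply_to_broadcast": Pkt(SERVER, 137, CLIENT, 40000),
        # Well-behaved answer to the unicast query mirrors it exactly.
        "reply_to_unicast": Pkt(SERVER, 137, CLIENT, 40001),
        # Answer sent to port 137 instead of the client's source port.
        "reply_to_port_137": Pkt(SERVER, 137, CLIENT, 137),
        # Datagram nobody asked for (browse announcement on UDP 138).
        "unsolicited_announcement": Pkt(SERVER, 138, BCAST, 138),
    }
    return {name: ct.state(pkt) for name, pkt in inbound.items()}

if __name__ == "__main__":
    for name, state in classify_samples().items():
        # A ruleset that accepts only ESTABLISHED traffic drops every NEW packet.
        print(f"{name:26} {state}")
```

Only the exact mirror of an outbound packet is classified ESTABLISHED; the other three packets arrive as NEW, so they get through only if a rule explicitly accepts them.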
