On Wed, 2004-09-29 at 09:28 -0400, Charles R. Anderson wrote:
> On Wed, Sep 29, 2004 at 11:00:59AM +0200, Alexander Larsson wrote:
> > In my quest to make SMB browsing work with the default firewall rules,
> > thus fixing:
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133478
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=113918
> >
> > I have now written a kernel conntrack module (attached) that marks
> > replies to netbios name requests as RELATED to the original connection.
> > This means the default firewall rules will work when this module is
> > loaded. I'm not actually an expert in netbios or firewall stuff, so I'd
> > love if someone who knew this better took a look at it and made sure it
> > looks ok.
>
> Yay! Thank you! Does this work for other multi/broadcast protocols,
> or is it specific to netbios? I think a generic solution would be
> nice.

It hardcodes the netbios port, but I guess more ports could be added, or
it could be a module parameter.

I posted this upstream, let's see what they think:
https://lists.netfilter.org/pipermail/netfilter-devel/2004-September/016986.html

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc
                   alexl@xxxxxxxxxx    alla@xxxxxxxxxxxxxx
He's a world-famous overambitious messiah in a wheelchair. She's a virginal
gold-digging lawyer living homeless in New York's sewers. They fight crime!