Any idea when we might see the iptables match code for port scan detection in fedora or rawhide?

--- Alexander Larsson <alexl@xxxxxxxxxx> wrote:

> On Wed, 2004-09-29 at 09:28 -0400, Charles R. Anderson wrote:
> > On Wed, Sep 29, 2004 at 11:00:59AM +0200, Alexander Larsson wrote:
> > > In my quest to make SMB browsing work with the default firewall rules,
> > > thus fixing:
> > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133478
> > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=113918
> > >
> > > I have now written a kernel conntrack module (attached) that marks
> > > replies to netbios name requests as RELATED to the original connection.
> > > This means the default firewall rules will work when this module is
> > > loaded. I'm not actually an expert in netbios or firewall stuff, so I'd
> > > love if someone who knew this better took a look at it and made sure it
> > > looks ok.
> >
> > Yay! Thank you! Does this work for other multi/broadcast protocols,
> > or is it specific to netbios? I think a generic solution would be
> > nice.
>
> It hardcodes the netbios port, but I guess more ports could be added, or
> it could be a module parameter.
>
> I posted this upstream, let's see what they think:
> https://lists.netfilter.org/pipermail/netfilter-devel/2004-September/016986.html
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Alexander Larsson                                            Red Hat, Inc
> alexl@xxxxxxxxxx    alla@xxxxxxxxxxxxxx
> He's a world-famous overambitious messiah in a wheelchair. She's a virginal
> gold-digging lawyer living homeless in New York's sewers. They fight crime!