On 08/15/08 08:10, Stephen Isard wrote:
"-m recent --set" stores an address, just as an address, not marked as
source or dest. This address is taken from either the source or
destination address of a packet, depending on the use of --rsrc/--rdest.
In order for the rules to do what we want them to, the address has to
include the port number as well as the IP address.
"-m recent --rcheck" looks to see whether the stored address is the same
as either the source or destination address on a packet, depending on
the use of --rsrc/--rdest.
The default is to use --rsource if neither --rsource nor --rdest is
specified.
By the way, googling around for help on this issue, I came across a
forum thread from 2004 discussing the same problem with respect to
samba. Evidently samba uses the same broadcast/response tactic.
Unfortunately the thread seemed to peter out without resolution. But is
there an approved firewall setup for samba these days? (I don't use
samba myself.) If so, maybe we could adapt it.
There is now a connection tracking helper in the kernel specifically
meant to help some NetBIOS traffic.
Grant. . . .
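To make the --set/--rcheck and --rsource/--rdest semantics discussed in this thread concrete, here is a small model of an xt_recent address list and two rule layouts for a broadcast query with a unicast reply. This is an added example written for this page, not code from the netfilter project or from either poster; the addresses, the 30-second window and the use of UDP port 137 (NetBIOS name service) as the example protocol are constructed for illustration, and the chain evaluator is a toy, not a reimplementation of the kernel's rule traversal.

```python
"""Toy model of iptables '-m recent' address-list semantics (added example).

It shows why a broadcast query cannot easily be tied to its unicast reply
with '-m recent': the list stores a bare IP address, chosen by
--rsource/--rdest, and nothing else.  Addresses, ports and the 30 s
window below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class RecentList:
    """Mimics one xt_recent list: address -> time of last --set.

    Only an IP address is stored, never a port, so --rcheck can only ask
    'has this address been seen?', not 'has this address:port been seen?'.
    """

    def __init__(self, seconds=None):
        self.seconds = seconds      # --seconds window, None = no limit
        self.entries = {}           # ip -> timestamp of last --set

    @staticmethod
    def _addr(pkt, rdest):
        # --rdest picks the destination address; --rsource (the default) the source
        return pkt.dst if rdest else pkt.src

    def set(self, pkt, now, rdest=False):
        """'--set': record the chosen address; the match always succeeds."""
        self.entries[self._addr(pkt, rdest)] = now
        return True

    def rcheck(self, pkt, now, rdest=False):
        """'--rcheck': match if the chosen address was recorded within the window."""
        seen = self.entries.get(self._addr(pkt, rdest))
        if seen is None:
            return False
        return self.seconds is None or now - seen <= self.seconds


def run_chain(rules, pkt, now, policy="DROP"):
    """Evaluate (predicate, target) rules in order; first match wins, else policy."""
    for predicate, target in rules:
        if predicate(pkt, now):
            return target
    return policy


OUR_IP = "192.168.1.5"      # constructed: the querying host
BCAST = "192.168.1.255"     # constructed: its subnet broadcast address
NBNS = 137                  # UDP port of the example broadcast protocol


def scenario_store_broadcast_dest():
    """Record the broadcast *destination* of our query (--set --rdest), then
    check the reply's *source* against the list (--rcheck --rsource).

    Fails: the server answers from its own unicast address, which is not
    the address that was stored, so the reply is dropped."""
    seen = RecentList(seconds=30)
    output = [
        (lambda p, t: p.dst == BCAST and p.dport == NBNS
         and seen.set(p, t, rdest=True), "ACCEPT"),
    ]
    inbound = [
        (lambda p, t: p.sport == NBNS and seen.rcheck(p, t), "ACCEPT"),
    ]
    run_chain(output, Packet(OUR_IP, BCAST, 40000, NBNS), now=0)
    reply = Packet("192.168.1.10", OUR_IP, NBNS, 40000)
    return run_chain(inbound, reply, now=1)          # "DROP"


def scenario_store_our_source():
    """Record our own *source* address instead (--set, default --rsource)
    and check the reply's *destination* against it (--rcheck --rdest).

    The reply now matches, but so does any packet from any host that
    claims source port 137 and is addressed to us inside the window,
    because the list carries no port and no peer information."""
    seen = RecentList(seconds=30)
    output = [
        (lambda p, t: p.dst == BCAST and p.dport == NBNS
         and seen.set(p, t), "ACCEPT"),
    ]
    inbound = [
        (lambda p, t: p.sport == NBNS and seen.rcheck(p, t, rdest=True), "ACCEPT"),
    ]
    run_chain(output, Packet(OUR_IP, BCAST, 40000, NBNS), now=0)
    reply = Packet("192.168.1.10", OUR_IP, NBNS, 40000)
    unrelated = Packet("10.0.0.1", OUR_IP, NBNS, 9999)    # wrong host, wrong port
    late = Packet("192.168.1.10", OUR_IP, NBNS, 40000)
    return (
        run_chain(inbound, reply, now=1),       # "ACCEPT"
        run_chain(inbound, unrelated, now=2),   # "ACCEPT": over-broad
        run_chain(inbound, late, now=31),       # "DROP": outside --seconds
    )
```

The first scenario is the trap the thread describes: the address the reply carries is never the one the query carried. The second scenario makes the reply pass, but only by reducing the check to "someone sent our address a packet with source port 137 in the last 30 seconds", which is the looseness behind the remark that the stored entry would need a port to be useful. Where the protocol is NetBIOS name service, the conntrack helper Grant mentions (nf_conntrack_netbios_ns in current kernels) exists precisely to create the expectation for the unicast reply to a broadcast query, so the reply can be accepted with an ordinary RELATED rule instead of an address list.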