/proc/net/ip_conntrack shows the following record after running 'nmblookup «hostname»':

  udp 17 26 src=192.168.1.2 dst=192.168.1.255 sport=43290 dport=137 packets=3 bytes=234 [UNREPLIED] src=192.168.1.255 dst=192.168.1.2 sport=137 dport=43290 packets=0 bytes=0 mark=0 secmark=0 use=1

Almost all traffic has been blocked using Ubuntu's ufw (thus actually iptables). I want to *allow* replies to this broadcast request using a rule which looks like:

  -A ufw-before-input -m conntrack --ctstate ESTABLISHED -p udp -s 192.168.1.0/24 --sport 137 -j ACCEPT

But unfortunately conntrack doesn't recognize the sender's IP address (e.g. 192.168.1.3) as a 'member' of 192.168.1.255. Does anyone have a solution to allow these replies to hostname resolution requests, which make use of random ports?

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
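The conntrack record quoted above explains the symptom: the reply tuple conntrack expects is src=192.168.1.255, so a unicast answer from 192.168.1.3:137 to port 43290 is a new flow and never matches --ctstate ESTABLISHED. The script below is an added example (not code from the poster or from the netfilter project) showing the two usual ways to let such replies through: attaching the kernel's NetBIOS name-service conntrack helper (module nf_conntrack_netbios_ns), which creates an expectation covering replies from any host in the broadcast domain so they match RELATED, or a stateless fallback that accepts UDP from source port 137 on the LAN to unprivileged ports. The function names and the IPT/LAN variables are illustrative; the chain name ufw-before-input is taken from the post. By default the script only prints the iptables commands; set IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example, not from the original post. Emits (or, with IPT=iptables,
# applies) rules that let unicast NetBIOS name-service replies through after a
# broadcast query. Function names and the LAN variable are illustrative.
IPT=${IPT:-"echo iptables"}   # dry run by default; set IPT=iptables to apply
LAN=${LAN:-192.168.1.0/24}    # broadcast domain from the post

# Option A: keep it stateful. Requires: modprobe nf_conntrack_netbios_ns
# The helper registers an expectation when it sees the outgoing query to
# UDP/137, so a reply from any host in the broadcast domain (not only
# 192.168.1.255) to the query's source port is classified RELATED. On recent
# kernels automatic helper assignment is off by default, so the helper must be
# attached explicitly with the CT target in the raw table.
nbns_helper_rules() {
    $IPT -t raw -A OUTPUT -p udp --dport 137 -j CT --helper netbios-ns
    $IPT -A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# Option B: stateless fallback if the helper is unavailable. Accept UDP from
# port 137 on the LAN to unprivileged ports only. This is wider than A: any LAN
# host can now send a packet to any high port, so keep the -s restriction.
nbns_stateless_rules() {
    $IPT -A ufw-before-input -p udp -s "$LAN" --sport 137 --dport 1024:65535 -j ACCEPT
}

# Verification after applying option A (conntrack-tools): the expectation
# created by the query should appear in the expect table.
#   nmblookup somehost
#   conntrack -L expect
#   conntrack -L -p udp --dport 137

if [ "${1:-}" = "helper" ]; then
    nbns_helper_rules
elif [ "${1:-}" = "stateless" ]; then
    nbns_stateless_rules
fi
```

Run as `sh nbns.sh helper` to see the rules, or `IPT=iptables sh nbns.sh helper` as root to apply them. Option A is the tighter choice because only the host that sent the query, on the exact source port it used, receives anything; option B opens all high ports to any LAN host that sources from 137.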