On Sunday 2011-03-27 17:05, crocket wrote:
>I want iptables to accept SMB UDP packets in a subnet.
>When samba uses SMB protocol,
>it sends out name queries as broadcast packets from high number random UDP
>source ports to 137 or 138 UDP port on remote hosts on the same subnet.
>Since reply packets to the broadcast packets don't come from the broadcast
>address for the subnet,
>iptables can't categorize reply packets as ESTABLISHED,RELATED with state match
>module.

So use -m conntrack --ctstate NEW.
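
The behaviour discussed in this exchange, as an added Python model that is not part of the original thread: connection tracking expects a reply whose tuple is the exact inverse of the outgoing one, so an answer sent from a host's own address never matches a query that went to the broadcast address and is classified NEW. The addresses, the `Conntrack` class and the scoping of the NEW rule to the subnet and source port 137 are assumptions made for this example.

```python
import ipaddress
from collections import namedtuple

# Constructed sample values (RFC 1918 addresses); none come from the thread.
SUBNET = ipaddress.ip_network("192.168.1.0/24")
HOST, PEER, BCAST = "192.168.1.10", "192.168.1.20", "192.168.1.255"

Packet = namedtuple("Packet", "src sport dst dport")

def invert(p):
    """Reply tuple conntrack expects: the original tuple with ends swapped."""
    return Packet(p.dst, p.dport, p.src, p.sport)

class Conntrack:
    """Simplified model of UDP tuple tracking, for illustration only."""
    def __init__(self):
        self.expected_replies = set()   # inverted tuples of tracked flows
        self.replied = set()            # original tuples that saw a reply

    def classify(self, p):
        if p in self.expected_replies:  # exact match on the inverted tuple
            self.replied.add(invert(p))
            return "ESTABLISHED"
        if p in self.replied:           # original direction, reply already seen
            return "ESTABLISHED"
        self.expected_replies.add(invert(p))
        return "NEW"

def input_verdict(ct, p, allow_new_nbns):
    state = ct.classify(p)
    if state == "ESTABLISHED":
        return "ACCEPT"
    # Hypothetical rule built on the reply's --ctstate NEW suggestion:
    #   -p udp -s <subnet> --sport 137 -m conntrack --ctstate NEW -j ACCEPT
    if (allow_new_nbns and state == "NEW" and p.sport == 137
            and ipaddress.ip_address(p.src) in SUBNET):
        return "ACCEPT"
    return "DROP"

def demo(query_dst, reply_src, allow_new_nbns):
    ct = Conntrack()
    ct.classify(Packet(HOST, 40000, query_dst, 137))   # outgoing name query
    reply = Packet(reply_src, 137, HOST, 40000)        # incoming answer
    return input_verdict(ct, reply, allow_new_nbns)

if __name__ == "__main__":
    print(demo(PEER, PEER, False))    # unicast query: reply matches the flow
    print(demo(BCAST, PEER, False))   # broadcast query: reply is NEW, dropped
    print(demo(BCAST, PEER, True))    # NEW rule scoped to subnet and port 137
```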