[openwrt/openwrt] netfilter: add nf_conntrack_netbios_ns to kmod-nf-nathelper-extra

LEDE Commits lede-commits at lists.infradead.org
Sat Aug 31 10:56:08 PDT 2024


hauke pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/0cfb81560e2ff3f8f20cc6e835db33badf8eeabc

commit 0cfb81560e2ff3f8f20cc6e835db33badf8eeabc
Author: Florian Eckert <fe at dev.tdt.de>
AuthorDate: Tue Aug 13 08:04:55 2024 +0200

    netfilter: add nf_conntrack_netbios_ns to kmod-nf-nathelper-extra
    
    NetBIOS name service requests are sent as broadcast messages from an
    unprivileged port and responded to with unicast messages to the
    same port. This makes them hard to firewall properly because connection
    tracking doesn't deal with broadcasts.
    
    So let's enable this in the kernel and add them to 'kmod-nf-nathelper-extra'.
    
    Signed-off-by: Florian Eckert <fe at dev.tdt.de>
---
 include/netfilter.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/netfilter.mk b/include/netfilter.mk
index 7d1f03891b..5bc336eb44 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -207,6 +207,7 @@ $(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_NAT_FTP, $(P_XT)nf_nat_ftp))
 # nathelper-extra
 
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_BROADCAST, $(P_XT)nf_conntrack_broadcast))
+$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_NETBIOS_NS, $(P_XT)nf_conntrack_netbios_ns))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_XT)nf_nat_amanda))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_H323, $(P_XT)nf_conntrack_h323))
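Review bot: The added `nf_conntrack_netbios_ns` line carries no comment on what the helper changes for filtering, and everyone who installs kmod-nf-nathelper-extra for the Amanda or H.323 helpers now gets it too. For a tracked NetBIOS name query the helper registers an expectation that admits unicast replies from any address in the broadcast subnet to the querying port for a short timeout, so it relaxes the ruleset rather than only repairing tracking. Whether the module is autoloaded, and whether the helper is attached to flows without an explicit rule, depends on the package definition and kernel settings outside this hunk, so that should be confirmed before merging. I would add a comment above the line, for example `# netbios_ns: needs nf_conntrack_broadcast (above); expects unicast replies from the whole broadcast subnet`, and document that the helper should be attached only on zones where NetBIOS name resolution is wanted.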



