netfilter: add nf_conntrack_netbios_ns to kmod-nf-nathelper-extra

NetBIOS name service requests are sent as broadcast messages from an
unprivileged port and responded to with unicast messages to the
same port. This make them hard to firewall properly because connection
tracking doesn't deal with broadcasts.

So let´s enable this in the kernel and add them to 'kmod-nf-nathelper-extra'.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>

diff --git a/include/netfilter.mk b/include/netfilter.mk
index 7d1f03891ba7ff0f7f7d405f3de67dfa151fa2e1..5bc336eb44c796fac000e4e62eaf8a74344f45d0 100644 (file)
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -207,6 +207,7 @@ $(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_NAT_FTP, $(P_XT)nf_nat_ftp))
 # nathelper-extra
 
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_BROADCAST, $(P_XT)nf_conntrack_broadcast))
+$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_NETBIOS_NS, $(P_XT)nf_conntrack_netbios_ns))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_XT)nf_nat_amanda))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_H323, $(P_XT)nf_conntrack_h323))