From: Florian Eckert Date: Tue, 13 Aug 2024 06:04:55 +0000 (+0200) Subject: netfilter: add nf_conntrack_netbios_ns to kmod-nf-nathelper-extra X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=0cfb81560e2ff3f8f20cc6e835db33badf8eeabc;p=openwrt%2Fstaging%2Fblocktrron.git netfilter: add nf_conntrack_netbios_ns to kmod-nf-nathelper-extra NetBIOS name service requests are sent as broadcast messages from an unprivileged port and responded to with unicast messages to the same port. This make them hard to firewall properly because connection tracking doesn't deal with broadcasts. So let´s enable this in the kernel and add them to 'kmod-nf-nathelper-extra'. Signed-off-by: Florian Eckert --- diff --git a/include/netfilter.mk b/include/netfilter.mk index 7d1f03891b..5bc336eb44 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -207,6 +207,7 @@ $(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_NAT_FTP, $(P_XT)nf_nat_ftp)) # nathelper-extra $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_BROADCAST, $(P_XT)nf_conntrack_broadcast)) +$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_NETBIOS_NS, $(P_XT)nf_conntrack_netbios_ns)) $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda)) $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_XT)nf_nat_amanda)) $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_H323, $(P_XT)nf_conntrack_h323))
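Review bot: The added `nf_conntrack_netbios_ns` line has no comment saying what the helper relaxes, and it lands in `kmod-nf-nathelper-extra`, which existing users may already have installed. As far as I know the helper creates a short-lived expectation so that unicast replies to a broadcast name query are accepted as related traffic from hosts in the broadcast subnet, which widens what a RELATED accept rule admits. Whether it becomes active after an upgrade depends on module autoload and on helper assignment in the ruleset, and neither is visible in this hunk. I would add a comment above the line, for example `# netbios_ns: tracks unicast replies to broadcast name queries; depends on nf_conntrack_broadcast above`, and name the new module in the package description so the change in firewall behaviour is visible to users. Placing it directly after `nf_conntrack_broadcast` looks right if list order drives load order, which should be confirmed against the package definition.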