netfilter: add nf_conntrack_netbios_ns to kmod-nf-nathelper-extra

NetBIOS name service requests are sent as broadcast messages from an unprivileged port and responded to with unicast messages to the same port. This make them hard to firewall properly because connection tracking doesn't deal with broadcasts. So let´s enable this in the kernel and add them to 'kmod-nf-nathelper-extra'. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2024-12-18 21:28:02 +00:00 · 2024-08-13 08:04:55 +02:00 · 2024-08-13 08:04:55 +02:00 · 0cfb81560e
commit 0cfb81560e
parent cf6d52f45a
1 changed files with 1 additions and 0 deletions
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@ -207,6 +207,7 @@ $(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_NAT_FTP, $(P_XT)nf_nat_ftp))
 # nathelper-extra

 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_BROADCAST, $(P_XT)nf_conntrack_broadcast))
+$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_NETBIOS_NS, $(P_XT)nf_conntrack_netbios_ns))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_XT)nf_nat_amanda))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_H323, $(P_XT)nf_conntrack_h323))