[Firehol-support] samba problems
Costa Tsaousis
costa at tsaousis.gr
Tue Nov 4 21:49:00 GMT 2003
Hi Goetz,
well it seems you are the first having a server samba accept without a
client all accept...
The problem here is this:
If I match the state NEW,ESTABLISHED on the netbios-ns reply, then your
server statement would work as expected, but when the service samba is
used on clients, it would open all unprivileged ports to anyone using port
netbios-ns as source port.
Of course, this is extremely bad and should be avoided.
In FireHOL v1.168 (in the CVS) I have implemented a hack so that I match a
NEW,ESTABLISHED state for interface/server statements and just ESTABLISHED
for interface/clients and routers. This will allow your server to respond,
but then if a Linux machine is used as a samba client we still have the problem
(the reply will be dropped).
So, case is still open...
Costa
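
The trade-off described in the message above, as an added example that is not part of the original post and is not FireHOL code: a reduced Python model of UDP connection tracking, evaluated against a client-side rule that accepts packets from source port 137 to unprivileged ports. It assumes the dropped reply is the answer to a broadcast name query, which conntrack cannot pair with the query because the reply's source address is not the broadcast address. The addresses, ports, the 1024-65535 range and all function names are constructed for illustration.

```python
# Reduced model of netfilter UDP connection tracking (added example).
# Addresses and ports are constructed sample values.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
NETBIOS_NS = 137


class Conntrack:
    def __init__(self):
        self.established = set()   # tuples that count as ESTABLISHED
        self.awaiting = set()      # reply tuples expected for NEW flows

    def state(self, pkt):
        inverse = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt in self.awaiting:   # a reply arrived: both directions established
            self.established.update((pkt, inverse))
        if pkt in self.established:
            return "ESTABLISHED"
        self.awaiting.add(inverse)  # the reply must mirror the original exactly
        return "NEW"


def reply_rule_accepts(pkt, state, allowed_states):
    """Client-side inbound rule: sport 137 to an unprivileged port, by state."""
    return (pkt.sport == NETBIOS_NS and 1024 <= pkt.dport <= 65535
            and state in allowed_states)


def evaluate(allowed_states):
    ct = Conntrack()
    client, server, other = "192.0.2.10", "192.0.2.20", "192.0.2.99"
    # Broadcast query: conntrack expects the reply to come from 192.0.2.255.
    ct.state(Packet(client, 32768, "192.0.2.255", NETBIOS_NS))
    # Unicast query to the server from a different source port.
    ct.state(Packet(client, 32769, server, NETBIOS_NS))
    packets = {
        "broadcast_reply": Packet(server, NETBIOS_NS, client, 32768),
        "unicast_reply": Packet(server, NETBIOS_NS, client, 32769),
        "unsolicited": Packet(other, NETBIOS_NS, client, 6000),
    }
    return {name: reply_rule_accepts(p, ct.state(p), allowed_states)
            for name, p in packets.items()}


if __name__ == "__main__":
    for states in (("ESTABLISHED",), ("NEW", "ESTABLISHED")):
        print(states, evaluate(states))
```

With ESTABLISHED alone the genuine broadcast reply is dropped; with NEW,ESTABLISHED it passes, but so does the unsolicited packet, because the rule has nothing but the source port to tell them apart.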