Bug 193980 - lokkit unnecessarily installs ip_conntrack_netbios_ns module
lokkit unnecessarily installs ip_conntrack_netbios_ns module
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Chris Lumens
Depends On:
  Show dependency treegraph
Reported: 2006-06-03 16:09 EDT by Curtis Doty
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-06-05 10:42:33 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Curtis Doty 2006-06-03 16:09:19 EDT
This manifested itself for me in anaconda/ks installs. With 'firewall --enabled
--ssh' (nothing else) in a kickstart and no mention of samba, it still wound up
with modifications to iptables-config that unnecessarily installs
ip_conntrack_netbios_ns module.

A quick glance at lokkit.c indicates it is already tracking the samba-realated
ports. So a solution would be to tell write_firewall to only make the change
Comment 1 Chris Lumens 2006-06-05 10:42:33 EDT
This is as designed.  The samba port tracking is for serving - if you want to
run a Samba server on your computer and allow people outside your firewall to
gain access to it.  The conntrack module is there simply for if you want to
browse Samba shares on other people's computers, and should not be any cause for
concern if it's loaded but you don't do this.

Note You need to log in before you can comment on or make changes to this bug.