Bug 193980 - lokkit unnecessarily installs ip_conntrack_netbios_ns module
Summary: lokkit unnecessarily installs ip_conntrack_netbios_ns module
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Chris Lumens
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-06-03 20:09 UTC by Curtis Doty
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-06-05 14:42:33 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Curtis Doty 2006-06-03 20:09:19 UTC
This manifested itself for me in anaconda/ks installs. With 'firewall --enabled
--ssh' (nothing else) in a kickstart and no mention of samba, it still wound up
with modifications to iptables-config that unnecessarily installs
ip_conntrack_netbios_ns module.

A quick glance at lokkit.c indicates it is already tracking the samba-realated
ports. So a solution would be to tell write_firewall to only make the change
if(samba_port_ndx).

Comment 1 Chris Lumens 2006-06-05 14:42:33 UTC
This is as designed.  The samba port tracking is for serving - if you want to
run a Samba server on your computer and allow people outside your firewall to
gain access to it.  The conntrack module is there simply for if you want to
browse Samba shares on other people's computers, and should not be any cause for
concern if it's loaded but you don't do this.


Note You need to log in before you can comment on or make changes to this bug.