What I HATE about F11

Chuck Anderson cra at WPI.EDU
Sun Jun 14 19:11:31 UTC 2009


On Sun, Jun 14, 2009 at 10:45:09AM -0400, Simo Sorce wrote:
> > >       * Samba (outbound) browsing requires firewall mods
> > I don't know how Samba works, so forgive me if I say obvious stupidity,
> > but shouldn't *client* work even behind closed firewall (like with any
> > other services like ssh, ftp, ...)? Isn't this a samba bug then?
> 
> Samba as a client needs to listen for Netbios packets replies (UDP) to
> do browsing, so since F-10 (yes this is not something new in F-11) the
> firewall has strict rules and there is a "samba client" specific rule.

...which is broken in that it is too permissive, and in that it isn't 
enabled by default.  We need to fix it so it only uses the conntrack 
module but doesn't open inbound ports, and also enable it in the 
default install.

https://bugzilla.redhat.com/show_bug.cgi?id=469884




More information about the fedora-devel-list mailing list