netfilter: add nf_conntrack_netbios_ns to kmod-nf-nathelper-extra

NetBIOS name service requests are sent as broadcast messages from an unprivileged port and responded to with unicast messages to the same port. This make them hard to firewall properly because connection tracking doesn't deal with broadcasts. So let´s enable this in the kernel and add them to 'kmod-nf-nathelper-extra'. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
author: Florian Eckert 2024-08-13 06:04:55 +0000
committer: Hauke Mehrtens 2024-08-31 17:55:49 +0000
commit: 0cfb81560e2ff3f8f20cc6e835db33badf8eeabc (patch)
tree: 500cc5ac64b77294bb2ca5e44054b16f41caf12c
parent: cf6d52f45af1245560995d3d09c19fad1c7bfeab (diff)
download: openwrt-0cfb81560e2ff3f8f20cc6e835db33badf8eeabc.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 7d1f03891b..5bc336eb44 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -207,6 +207,7 @@ $(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_NAT_FTP, $(P_XT)nf_nat_ftp))
 # nathelper-extra
 
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_BROADCAST, $(P_XT)nf_conntrack_broadcast))
+$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_NETBIOS_NS, $(P_XT)nf_conntrack_netbios_ns))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_XT)nf_nat_amanda))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_H323, $(P_XT)nf_conntrack_h323))
author	Florian Eckert	2024-08-13 06:04:55 +0000
committer	Hauke Mehrtens	2024-08-31 17:55:49 +0000
commit	0cfb81560e2ff3f8f20cc6e835db33badf8eeabc (patch)
tree	500cc5ac64b77294bb2ca5e44054b16f41caf12c
parent	cf6d52f45af1245560995d3d09c19fad1c7bfeab (diff)
download	openwrt-0cfb81560e2ff3f8f20cc6e835db33badf8eeabc.tar.gz