On Sun, Jan 01, 2023 at 05:21:47AM -0000, Benyamin Limanto wrote:
As title stated, the samba nmblookup failed when firewalld on, I already enable all the samba context on SELINUX, no selinux error, and already --permanent / allow the samba service permanently on my Fedora 37.
nf_contrack_netbios_ns is loaded, is there anything else that I can check so I could find the cause why firewalld is blocking nmblookup?
I think automatic connection tracking is now disabled on all kernels. So you have to explicitly assign them.
This can be done in firewalld with a policy:
# firewall-cmd --permanent --new-policy outboundHelpers # firewall-cmd --permanent --policy outboundHelpers --add-ingress-zone HOST # firewall-cmd --permanent --policy outboundHelpers --add-egress-zone ANY # firewall-cmd --permanent --policy outboundHelpers --add-service netbios-ns # firewall-cmd --reload
Let me know if the above works.
Eric.