[Bug 458] New: osf module doesn't always identify operating system
bugzilla-daemon at bugzilla.netfilter.org
bugzilla-daemon at bugzilla.netfilter.org
Mon Mar 6 12:56:01 CET 2006
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=458
Summary: osf module doesn't always identify operating system
Product: netfilter/iptables
Version: patch-o-matic
Platform: i386
OS/Version: Mandrake Linux
Status: NEW
Severity: normal
Priority: P2
Component: unknown
AssignedTo: laforge at netfilter.org
ReportedBy: casueps at hotmail.com
I have the osf module and I have loaded the fingerprint file from
http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os
into /proc/sys/net/ipv4/osf with the osf_load.sh script
I also have the following rule
iptables -I FORWARD -j DROP -p tcp -m osf --genre Windows --smart
But when a Windows box that is behind the firewall with that rule tries to
access web sites, it is sometimes allowed and sometimes not. For example, they
can access www.google.com but not es.yahoo.com.
Linux boxes can access every web site as always. But I think that rule should
block every tcp connection from Windows clients, so I think it doesn't always
recognize correctly the operating system.
--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the netfilter-buglog
mailing list