Hello List,

for the past 2-3 weeks my packet filter has been getting bombed permanently by TDSL's router. The IP which ifconfig ppp0 names after P-t-P:

About 10-20 times a minute I get the following:

-------------------------------------------------------------
FEBRUAR:/etc/rc.config.d # tcpdump dst host 255.255.255.255 -i ppp0
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on ppp0
17:26:25.789070 xxx.xxx.xxx.xxx.bootpc > 255.255.255.255.bootps: xid:0x88866502 ether 0:d0:ba:70:50:ab [|bootp]
-------------------------------------------------------------

My questions:

How can I stop those lines in /var/log/messages and /var/log/firewall? But only those regarding these broadcasts.

Is there a way to shield my box from inbound packets so that pppoed's DOD can take it offline when there is no outbound traffic? The same issue appears with the usual scans on 80, 1214 and the other common ports. SuSEfirewall2 blocks them out, but pppd regards them as traffic and keeps the connection alive.

I called T-Online's "hotline":

Person A: yes, there are problems with dsl in my area. I should wait a few days.
Me: But ...
Person A: those packets are normal. They are the answers from the webservers I surf to.
Me: But it's only this box and this is yours.
[... please hold the line ...]
Person B: (the boss)
Person B: your firewall is WAY TOO tight. Loosen the rulesets and you don't see those packets any more.
Me: Where is the point of a filter then?
Person B: those packets are necessary so that the router can spot if my box goes offline
Me: but due to those packets my box can't go offline by itself
Person B: no problem ... tdsl kicks you anyway after 24 h
Me: ARGHL ! !! !!!

My proposal, that the router shouldn't ask the clients (the customers) via constant bootstrap requests, was ruled out as nonsense.

Currently my SuSEfirewall2 settings are like this (though I'd rather have DROP_CRIT at YES):

-------------------------------------------------------------
FW_LOG_DROP_CRIT="no"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
-------------------------------------------------------------

Shouldn't those broadcasts be ignored anyway?

-------------------------------------------------------------
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
-------------------------------------------------------------

Here are a few lines of my /var/log/messages:

-------------------------------------------------------------
Dec 4 17:23:34 FEBRUAR kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=xxx.xxx.xxx.xxx DST=255.255.255.255 LEN=604 TOS=0x00 PREC=0x00 TTL=255 ID=54221 PROTO=UDP SPT=68 DPT=67 LEN=584
Dec 4 17:23:37 FEBRUAR kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=xxx.xxx.xxx.xxx DST=255.255.255.255 LEN=604 TOS=0x00 PREC=0x00 TTL=255 ID=54417 PROTO=UDP SPT=68 DPT=67 LEN=584
Dec 4 17:23:40 FEBRUAR kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=xxx.xxx.xxx.xxx DST=255.255.255.255 LEN=604 TOS=0x00 PREC=0x00 TTL=255 ID=54613 PROTO=UDP SPT=68 DPT=67 LEN=584
-------------------------------------------------------------