Mailinglist Archive: opensuse-security (407 mails)

Re: [suse-security] SuSEfirewall2 vs. DHCP
Erwin Lam <erwin.lam@xxxxxxx> writes:

> Well,... I am not an expert in this matter and I don't understand it
> either, but could you please post that log entry so we can have a look
> at it.

OK, finally back at home where I can get to my logs.

Here's a log entry from this morning:
,----
| Apr 6 07:50:33 wally kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= SRC=64.85.299.299 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308
`----

Interestingly, the source address (which I have mangled in the message
above, BTW) is actually *my* IP address, and that's consistent with
the source port (bootpc) and the destination port (bootps). IOW, it
looks like it's the request from my DHCP client that's being trapped.

What I can't figure out is how this message is winding up in the INPUT
table, which is where the anti-spoofing rules are.

--
Alan Hadsell
"Whatever does not kill me makes me stranger".
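
An added example, not part of the original message: a small Python parser for log lines in the format shown above, which flags anti-spoofing drops that are DHCP client broadcasts (UDP port 68 to 67, destination 255.255.255.255). The function names and the rejoined sample line are constructed for this illustration.

```python
import re

# Constructed sample: the log line from the post, rejoined onto one line
# (the SRC value is the poster's deliberately mangled address).
SAMPLE = ("Apr 6 07:50:33 wally kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= "
          "SRC=64.85.299.299 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF "
          "PROTO=UDP SPT=68 DPT=67 LEN=308")

PREFIX_RE = re.compile(r"kernel: (\S+) (IN=.*)$")

def parse_fw_line(line):
    """Split a netfilter LOG line into prefix, fields and bare flags.

    Returns None if the line does not look like a firewall log entry.
    """
    m = PREFIX_RE.search(line)
    if not m:
        return None
    fields, flags = {}, []
    for tok in m.group(2).split():
        if "=" not in tok:
            flags.append(tok)          # bare flags such as DF
            continue
        key, val = tok.split("=", 1)
        if key == "LEN" and "LEN" in fields:
            key = "UDP_LEN"            # second LEN follows PROTO=UDP: UDP length
        fields[key] = val              # empty values (OUT=, MAC=) are kept as ""
    return {"prefix": m.group(1), "fields": fields, "flags": flags}

def is_dhcp_client_broadcast(entry):
    """True for UDP bootpc (68) -> bootps (67) sent to the limited broadcast."""
    f = entry["fields"]
    return (f.get("PROTO") == "UDP" and f.get("SPT") == "68"
            and f.get("DPT") == "67" and f.get("DST") == "255.255.255.255")

def triage(lines, prefix="SuSE-FW-DROP-ANTI-SPOOFING"):
    """Return (interface, source) for each matching drop that is DHCP client traffic."""
    hits = []
    for line in lines:
        entry = parse_fw_line(line)
        if entry and entry["prefix"] == prefix and is_dhcp_client_broadcast(entry):
            hits.append((entry["fields"].get("IN"), entry["fields"].get("SRC")))
    return hits

if __name__ == "__main__":
    print(triage([SAMPLE]))
```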

