Mailinglist Archive: opensuse-security (408 mails)

< Previous Next >
Re: [suse-security] SuSEfirewall2 vs. DHCP
  • From: Alan Hadsell <ahadsell@xxxxxxxxxxxx>
  • Date: Sat, 06 Apr 2002 09:47:29 -0800
  • Message-id: <u3cy8lnwu.fsf@xxxxxxxxxxxx>
Erwin Lam <erwin.lam@xxxxxxx> writes:

> Well,... I am not an expert in this matter and I don't understand it
> either, but could you please post that log entry so we can have a look
> at it.

OK, finally back at home where I can get to my logs.

Here's a log entry from this morning:
,----
| Apr 6 07:50:33 wally kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= SRC=64.85.299.299 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308
`----

Interestingly, the source address (which I have mangled in the message
above, BTW) is actually *my* IP address, and that's consistent with
the source port (bootpc) and the destination port (bootps). IOW, it
looks like it's the request from my DHCP client that's being trapped.

What I can't figure out is how this message is winding up in the INPUT
table, which is where the anti-spoofing rules are.

--
Alan Hadsell
"Whatever does not kill me makes me stranger".


< Previous Next >
Follow Ups
References