Erwin Lam
Well... I am not an expert in this matter and I don't understand it either, but could you please post that log entry so we can have a look at it?
OK, finally back at home where I can get to my logs. Here's a log entry from this morning:

,----
| Apr 6 07:50:33 wally kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= SRC=64.85.299.299 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308
`----

Interestingly, the source address (which I have mangled in the message above, BTW) is actually *my* IP address, and that's consistent with the source port (bootpc) and the destination port (bootps). IOW, it looks like it's the request from my DHCP client that's being trapped.

What I can't figure out is how this message is winding up in the INPUT table, which is where the anti-spoofing rules are.

-- 
Alan Hadsell
"Whatever does not kill me makes me stranger".
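
An added example, not part of the original posts: a small triage script that parses firewall log lines in the format quoted above and separates anti-spoofing drops that are the host's own DHCP client broadcast (own source address, UDP 68 to 67, destination 255.255.255.255) from other drops. The sample lines, the 192.0.2.10 address and the label names are constructed for illustration.

```python
import re

# Constructed sample lines in the netfilter LOG format of the entry quoted above.
# 192.0.2.10 (documentation range) stands in for the host's own address.
SAMPLE_LOG = """\
Apr 6 07:50:33 wally kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= SRC=192.0.2.10 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Apr 6 07:51:02 wally kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= SRC=192.0.2.10 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4711 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 6 07:52:10 wally kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=99 PROTO=TCP SPT=3333 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>\S+) (?P<fields>IN=.*)$")


def parse(line):
    """Split one firewall log line into its prefix, KEY=value fields and bare flags."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"prefix": m["prefix"], "flags": []}
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        if sep:
            rec.setdefault(key, val)  # LEN appears twice: keep the IP length, not the UDP one
        else:
            rec["flags"].append(key)  # bare flags such as DF or SYN
    return rec


def classify(rec, own_addrs):
    """Label an anti-spoofing drop by whether it is the host's own DHCP broadcast."""
    if rec is None or "ANTI-SPOOFING" not in rec["prefix"]:
        return "other"
    if rec.get("SRC") not in own_addrs:
        return "foreign-source"
    is_dhcp_request = (
        rec.get("PROTO") == "UDP"
        and rec.get("SPT") == "68"  # bootpc
        and rec.get("DPT") == "67"  # bootps
        and rec.get("DST") == "255.255.255.255"
    )
    return "own-dhcp-broadcast" if is_dhcp_request else "own-source-other"


def triage(log_text, own_addrs):
    """Return one label per log line, in order."""
    return [classify(parse(line), own_addrs) for line in log_text.splitlines()]


if __name__ == "__main__":
    for line, label in zip(SAMPLE_LOG.splitlines(), triage(SAMPLE_LOG, {"192.0.2.10"})):
        print(f"{label:20} {line[:60]}")
```

Addresses are compared as strings, so a line with a mangled SRC like the one in the post still parses.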