Mailinglist Archive: opensuse-security (408 mails)

< Previous Next >
Re: [suse-security] SuSEfirewall2 vs. DHCP
  • From: Alan Hadsell <ahadsell@xxxxxxxxxxxx>
  • Date: Sat, 06 Apr 2002 09:47:29 -0800
  • Message-id: <u3cy8lnwu.fsf@xxxxxxxxxxxx>
Erwin Lam <erwin.lam@xxxxxxx> writes:

> Well,... I am not an expert in this matter and I don't understand it
> either, but could you please post that log entry so we can have a look
> at it.

OK, finally back at home where I can get to my logs.

Here's a log entry from this morning:
| Apr 6 07:50:33 wally kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= SRC= DST= LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=68 DPT=67 LEN=308

Interestingly, the source address (which I have mangled in the message
above, BTW) is actually *my* IP address, and that's consistent with
the source port (bootpc) and the destination port (bootps). IOW, it
looks like it's the request from my DHCP client that's being trapped.

What I can't figure out is how this message is winding up in the INPUT
table, which is where the anti-spoofing rules are.

Alan Hadsell
"Whatever does not kill me makes me stranger".

< Previous Next >
Follow Ups