The 03.10.23 at 17:34, Joe Morris (NTM) wrote:
>> Just checked, it is set to yes. I still wonder if martian source packets ever reach iptables or they are dropped before that so iptables see nothing.
>> <snip>
>> Does it mean at this point that the packet is dropped?
> From my experience with SuSEfirewall and SuSEfirewall2, if FW_KERNEL_SECURITY is set to Yes, it will record martian source packets. I know mine does record them, i.e.:
>
> Oct 1 17:59:31 jmorris kernel: martian source 169.254.255.255 from 169.254.234.16, on dev eth1
> Oct 1 17:59:31 jmorris kernel: ll header: ff:ff:ff:ff:ff:ff:00:e0:4c:3b:a3:34:08:00
Notice that the line above is not logged by the firewall; it doesn't have the "SuSE-FW-" prefix. It is dropped before it reaches the firewall code. Martian packets can simply not be routed (no real address to respond to), thus it makes no sense to pass them on.

According to '/usr/src/linux/Documentation/filesystems/proc.txt':

  2.8 /proc/sys/net/ipv4 - IPV4 settings

  File '/proc/sys/net/ipv4/conf/*/log_martians'

  log_martians
  ------------
  Log packets with source addresses with no known route to kernel log.

And according to '/usr/src/linux/Documentation/networking/ip-sysctl.txt':

  log_martians - BOOLEAN
  Log packets with impossible addresses to kernel log.
  log_martians for the interface will be enabled if at least one of
  conf/{all,interface}/log_martians is set to TRUE,
  it will be disabled otherwise

-- 
Cheers,
Carlos Robinson
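As an added example (not from anyone in this thread), a small Python parser for the kernel "martian source" messages discussed above, which pairs each one with its following "ll header" line and splits that header into destination MAC, source MAC and EtherType, plus a helper applying the documented conf/{all,interface} OR rule. The log sample and the "SuSE-FW-DROP-DEFAULT" line are constructed for this example, modelled on the lines quoted in the thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample log: the two martian lines quoted in the thread plus a
# firewall-logged line (a "SuSE-FW-" prefixed line) that must not be matched.
SAMPLE_LOG = """\
Oct 1 17:59:31 jmorris kernel: martian source 169.254.255.255 from 169.254.234.16, on dev eth1
Oct 1 17:59:31 jmorris kernel: ll header: ff:ff:ff:ff:ff:ff:00:e0:4c:3b:a3:34:08:00
Oct 1 18:02:10 jmorris kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT= SRC=10.0.0.5 DST=10.0.0.1
"""

MARTIAN_RE = re.compile(r"kernel: martian source (\S+) from (\S+), on dev (\S+)")
# 14 octets: 6 destination MAC + 6 source MAC + 2 EtherType
LLHDR_RE = re.compile(r"kernel: ll header: ((?:[0-9a-f]{2}:){13}[0-9a-f]{2})")

@dataclass
class Martian:
    dst_ip: str
    src_ip: str
    dev: str
    dst_mac: Optional[str] = None
    src_mac: Optional[str] = None
    ethertype: Optional[str] = None

def parse_martians(text):
    """Collect martian events; attach the 'll header' line that follows each one."""
    events = []
    for line in text.splitlines():
        m = MARTIAN_RE.search(line)
        if m:
            events.append(Martian(*m.groups()))
            continue
        h = LLHDR_RE.search(line)
        if h and events and events[-1].dst_mac is None:
            octets = h.group(1).split(":")
            ev = events[-1]
            ev.dst_mac = ":".join(octets[0:6])
            ev.src_mac = ":".join(octets[6:12])
            ev.ethertype = "".join(octets[12:14])  # "0800" = IPv4
    return events

def log_martians_effective(all_value, iface_value):
    """Logging is on if conf/all OR conf/<iface> log_martians is set (per ip-sysctl.txt)."""
    return bool(int(all_value)) or bool(int(iface_value))
```

Feeding `dmesg` or /var/log/messages output into `parse_martians` gives the per-interface list of spoofed or unroutable sources that the kernel dropped before iptables saw them.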