On Thu, Oct 23, 2003 at 05:34:36PM +0800, Joe Morris (NTM) wrote:
> From my experience with SuSEfirewall and SuSEfirewall2, if FW_KERNEL_SECURITY is set to Yes, it will record martian source packets. I know mine does record them, i.e.
>
> Oct 1 17:59:31 jmorris kernel: martian source 169.254.255.255 from 169.254.234.16, on dev eth1
> Oct 1 17:59:31 jmorris kernel: ll header: ff:ff:ff:ff:ff:ff:00:e0:4c:3b:a3:34:08:00
>
> before DHCP gave it its address.

This is not exactly what I meant. These messages are coming from route.c in the kernel. What I was looking for was messages from the iptables rule DROP-ANTI-SPOOFING (see /sbin/SuSEfirewall2).

As I am not getting those messages, I conclude that the packets are dropped by the kernel at an earlier stage, before hitting the iptables rules. I just wanted to make sure that this conclusion is correct.

Regards,
-Kastus