Hi.
Some problems/features/questions:
System: SuSEfirewall v2.6, eth0 to the internet (cable modem), eth1 to
internal network (192.168.x.x/24).
1. FW_SERVICE_DHCLIENT= yes
fw rule: $IPCHAINS -A input -j "$ACCEPT" -p udp -s 0/0 67 -d 255.255.255.255/32 68 $LAA
packets denied from my cable provider: input DENY eth0 PROTO=17 gateway.cable:67 eth0-ip:68
my rule: $IPCHAINS -A input -j "$ACCEPT" -p udp -s 0/0 67 -d 0/0 68 $LAA
Is the cable provider sending invalid packets, having my interface IP
specified when it should be 255.255.255.255?
Or should the rule be as I modified it?
2. I have dhcpd to the internal network, but not to the internet:
FW_SERVICE_DHCPD=no and START_DHCPD=yes
If START_DHCPD = yes, dhcp is allowed for BOTH the internal and internet
interfaces.
There should be a different setting for internal/external dhcpd and
START_DHCPD should be ignored.
As I have FW_PROTECT_FROM_INTERNAL="no", I removed the test for
START_DHCPD.
3. Why are these rules hard-coded with ippp0?
$IPCHAINS -A forward -j "$DENY" -d 10.0.0.0/8 -i ippp0
$IPCHAINS -A forward -j "$DENY" -d 192.0.0.0/8 -i ippp0
I removed them from the script, as there is already a rule in place
denying packets from the net to 192/8.
Carlos
----
Carlos Costa e Silva