Mailinglist Archive: opensuse-security (407 mails)

< Previous Next >
Re: [suse-security] SuSEfirewall2 vs. DHCP
Erwin Lam <erwin.lam@xxxxxxx> writes:

Well,... I am not an expert in this matter and I don't understand it
either, but could you please post that log entry so we can have a look
at it.

OK, finally back at home where I can get to my logs.

Here's a log entry from this morning:
| Apr 6 07:50:33 wally kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC=
SRC= DST= LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF

Interestingly, the source address (which I have mangled in the message
above, BTW) is actually *my* IP address, and that's consistent with
the source port (bootpc) and the destination port (bootps). IOW, it
looks like it's the request from my DHCP client that's being trapped.

What I can't figure out is how this message is winding up in the INPUT
table, which is where the anti-spoofing rules are.

Alan Hadsell
"Whatever does not kill me makes me stranger".

< Previous Next >
Follow Ups