Mailinglist Archive: opensuse-security (499 mails)

RE: [suse-security] SuSE-FW-DROP-ANTI-SPOOFING IN
  • From: Peer Stefan <stefan.peer@xxxxxxxx>
  • Date: Wed, 5 Jun 2002 12:01:03 +0200
  • Message-id: <3559BA35534FD511A1200002557C39B019D337@xxxxxxxxxxxxxxxxxxxxx>
hello,

> From: Dr. Peter Bast [mailto:pb@xxxxxxxx]
> Hello,
>
> I get permanently the following messages in my /var/log/messages:
>
> Jun 5 11:05:20 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0 OUT= MAC= SRC=192.168.201.55 DST=192.168.201.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12
> Jun 5 11:05:20 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12

according to /etc/services udp-port 520 serves a routing protocol.

>
> I use a Server with SuSE Linux 8.0 connected to a LAN via eth0
> (192.168.201.55) and to an external ADSL-Router via eth1
> (192.168.0.2).
> The LAN-IP of the Hardware-Router is 192.168.0.1. All Netmasks are set
> to 255.255.255.0. The connections between the internal Netdevice (eth0)
> and the external Netdevice (eth1) are very slow. On the Server running
> BIND9, Squid, Samba and Sendmail.
did you enable routing in the kernel (i guess so) and do you need it?
do you use a hub where eth0 is connected to the adsl-router?

if you just want to get rid of the entries you have to configure
/etc/rc.config.d/firewall2-custom.rc.config and add something like

    fw_custom_before_antispoofing() {
        iptables -A INPUT -j [DROP|ACCEPT] -p udp --dport 520
        true
    }

hope that helps you a bit.

regards,
stefan
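
An added example (not part of the original message): a small Python parser for the log lines quoted above that checks whether each anti-spoofing drop is the host's own broadcast, i.e. SRC equals the receiving interface's address and DST is that subnet's broadcast address. The interface addresses and /24 netmasks are taken from the quoted message; the function and variable names are hypothetical.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_interface

# Log lines copied from the quoted message, one entry per line.
SAMPLE_LOG = """\
Jun 5 11:05:20 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0 OUT= MAC= SRC=192.168.201.55 DST=192.168.201.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12
Jun 5 11:05:20 inis kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth1 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.255 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=12
"""

# Interface addresses as stated in the quoted message (netmask 255.255.255.0).
LOCAL_IFACES = {
    "eth0": ip_interface("192.168.201.55/24"),
    "eth1": ip_interface("192.168.0.2/24"),
}
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_drop(line):
    """Return the KEY=value fields of an anti-spoofing drop line, or None."""
    if "SuSE-FW-DROP-ANTI-SPOOFING" not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # LEN occurs twice; keep the IP length
    return fields if "SRC" in fields and "DST" in fields else None

def classify(fields, ifaces=LOCAL_IFACES):
    """Label a drop by whether its source is one of this host's addresses."""
    iface = ifaces.get(fields.get("IN"))
    src, dst = ip_address(fields["SRC"]), ip_address(fields["DST"])
    if iface and src == iface.ip and dst == iface.network.broadcast_address:
        return "own-broadcast"       # host hears its own subnet broadcast
    if any(src == i.ip for i in ifaces.values()):
        return "own-address-other"   # our address, but not that pattern
    return "foreign-source"          # worth a closer look before silencing

def summarize(log_text):
    """Count drops per (interface, protocol, destination port, label)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_drop(line)
        if fields:
            key = (fields["IN"], fields.get("PROTO", "-"),
                   fields.get("DPT", "-"), classify(fields))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, *key)
```

Both quoted entries come out as `own-broadcast` on UDP port 520, which is worth confirming before adding a rule that hides them from the log.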
