[Shorewall-users] Blocking local broadcasts

Paul Gear paulgear@bigfoot.com
Tue, 30 Apr 2002 10:31:54 +1000


Drew Alexander Reed wrote:

> ...
> I have a bit of a problem in that all broadcast packets from my firewall
> to my local network are being blocked.  This has the effect of causing
> samba and things like zebra (routing daemon) to report constant errors.
>
> The blocking seems to be being done by the common chain which looks like
> this:
>
> Chain common (5 references)
>  pkts bytes target     prot opt in     out     source               destination
> ...
>     0     0 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255
>     0     0 DROP       all  --  *      *       0.0.0.0/0            192.168.0.255
> ...
> I can't see where the last 2 entries as reported by shorewall status are
> coming from?

They're definitely not coming from the common file.  My common chain looks
exactly like the common.def file.  Presumably there is something else at work
here.  What other files have you changed from the defaults?

> or how to stop it blocking the 192.168.0.255 address from the
> firewall out to the eth1 interface.

Keep in mind that common/common.def is only used when both rules and policies
have already been processed.  So, for example, if you have a policy of accept
on loc2fw, then common will not be used.  Thus, regardless of what exists in
common, adding an appropriate rule should override it.

Paul
http://paulgear.webhop.net
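
Added example, not part of the original messages and not Shorewall code: a small parser that picks out the rules in a chain listing like the one quoted above that drop broadcast destinations, which helps when tracing where such entries apply. The local network 192.168.0.0/24 is an assumption inferred from the 192.168.0.255 address in the listing, and the sample listing is constructed.

```python
import ipaddress

# Constructed sample modelled on the chain listing quoted in the message
# (wrapped lines joined; the ACCEPT line is invented for contrast).
SAMPLE = """\
Chain common (5 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255
    0     0 DROP       all  --  *      *       0.0.0.0/0            192.168.0.255
"""

def parse_rules(listing):
    """Yield (chain, target, proto, destination) from `iptables -L -n -v` text."""
    chain = None
    for line in listing.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Chain":
            chain = fields[1]
        elif fields[0] == "pkts" or len(fields) < 9:
            continue  # column header, or a line without all nine columns
        else:
            # columns: pkts bytes target prot opt in out source destination
            yield chain, fields[2], fields[3], fields[8]

def broadcast_drops(listing, local_nets):
    """Return DROP/REJECT rules whose destination is a broadcast address."""
    bcasts = {ipaddress.ip_address("255.255.255.255"): "limited broadcast"}
    for net in local_nets:  # assumed local networks, supplied by the caller
        n = ipaddress.ip_network(net)
        bcasts[n.broadcast_address] = "directed broadcast of " + net
    hits = []
    for chain, target, proto, dest in parse_rules(listing):
        if target not in ("DROP", "REJECT"):
            continue
        try:
            d = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # destination column was not an address
        if d.num_addresses == 1 and d.network_address in bcasts:
            hits.append((chain, target, dest, bcasts[d.network_address]))
    return hits

if __name__ == "__main__":
    for hit in broadcast_drops(SAMPLE, ["192.168.0.0/24"]):
        print(hit)
```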