[Shorewall-users] Blocking local broadcasts

Tom Eastep teastep@shorewall.net
Tue, 30 Apr 2002 06:34:23 -0700 (Pacific Daylight Time)


On Tue, 30 Apr 2002, Paul Gear wrote:

> Drew Alexander Reed wrote:
>
> > ...
> > I have a bit of a problem in that all broadcast packets from my firewall
> > to my local network are being blocked.  This has the effect of causing
> > samba and things like zebra (routing daemon) to report constant errors.
> >
> > The blocking seems to be being done by the common chain, which looks like
> > this:
> >
> > Chain common (5 references)
> >  pkts bytes target     prot opt in     out     source               destination
> > ...
> >     0     0 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255
> >     0     0 DROP       all  --  *      *       0.0.0.0/0            192.168.0.255
> > ...
> > I can't see where the last 2 entries as reported by shorewall status are
> > coming from?
>
> They're definitely not coming from the common file.  My common chain looks
> exactly like the common.def file.  Presumably there is something else at work
> here.  What other files have you changed from the defaults?
>

Shorewall adds the subnet broadcast address (if any) of each interface.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
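
Added example (not part of the original message and not Shorewall's own code): a sketch of how a per-interface subnet broadcast address such as 192.168.0.255 is derived, and why an interface may have none. The interface list is constructed sample data, and the printed iptables command is an assumption about a rule that would yield a listing entry like the one quoted above; the script only prints, it changes nothing.

```shell
#!/bin/sh
# Illustration only: derive the subnet broadcast address of each interface
# and print a DROP rule for it. Nothing here is taken from Shorewall.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                     # split the dotted quad on "."
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> A.B.C.D
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# broadcast_of ADDR/PREFIX -> broadcast address; prints nothing for /31 and
# /32 (point-to-point style links), the "if any" case.
broadcast_of() {
    addr=${1%/*}; prefix=${1#*/}
    if [ "$prefix" -ge 31 ]; then return 0; fi
    hostmask=$(( (1 << (32 - prefix)) - 1 ))   # all host bits set
    int_to_ip $(( $(ip_to_int "$addr") | hostmask ))
}

# broadcast_rules: read "IFACE ADDR/PREFIX" lines on stdin, print one rule
# per distinct broadcast address.
broadcast_rules() {
    seen=" "
    while read -r iface cidr; do
        [ -n "$cidr" ] || continue
        bcast=$(broadcast_of "$cidr")
        [ -n "$bcast" ] || continue            # interface has no broadcast
        case $seen in *" $bcast "*) continue ;; esac
        seen="$seen$bcast "
        echo "iptables -A common -d $bcast -j DROP   # from $iface"
    done
}

# Constructed sample interfaces (not from the original post).
broadcast_rules <<'EOF'
eth0 192.168.0.1/24
eth1 10.1.2.3/20
ppp0 203.0.113.7/32
EOF
```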