Cool thanks. I assume that $PPPOE will be eth0 in my case? Regards Michael Knill
-----Original Message----- From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> Date: Wednesday, 24 August 2016 at 1:40 PM To: AstLinux List <astlinux-users@lists.sourceforge.net> Subject: Re: [Astlinux-users] Arno firewall logs Michael, Without testing, this snippet added to your "custom-rules" should drop the NETBIOS packets if PPPoE is enabled... -- snip -- if [ -n "$PPPOEIF" ]; then echo "[CUSTOM RULE] Drop PPPoE Modem NETBIOS packets" ip4tables -A INPUT_CHAIN -i $PPPOEIF -p udp --dport 138 -j DROP fi -- snip -- Lonnie On Aug 23, 2016, at 7:41 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote: > Thanks Lonnie > > It does work for the IGMP packets. What should I put in for the Netbios > packets? > > Regards > Michael Knill > > -----Original Message----- > From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> > Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> > Date: Wednesday, 24 August 2016 at 10:33 AM > To: AstLinux List <astlinux-users@lists.sourceforge.net> > Subject: Re: [Astlinux-users] Arno firewall logs > > Michael, > > You must have also defined MODEM_IF_IP and/or MODEM_IP, if you only define > MODEM_IF="eth0" then there should not be any logging but does allow those > packets, not ideal. > > There really should be a logging option for this plugin, Arno last modified > it 5 years ago. > > Try what Michael Keuter suggested and not enable the dsl-ppp-modem and add > the custom_rules tweak(s) he posted. > > Lonnie > > > > On Aug 23, 2016, at 5:18 PM, Michael Knill > <michael.kn...@ipcsolutions.com.au> wrote: > >> Hi Lonnie >> >> Ok so I configured up the dsl-ppp-modem plugin and as Michael mentioned, it >> still logs the following IGMP and Netbios packets: >> >> Aug 24 08:12:18 4010-Breeze_HO-CM1 user.info kernel: AIF:Dropped MODEM >> packet: IN=eth0 OUT= MAC=01:00:5e:00:00:01:18:a6:f7:c7:3a:2c:08:00 >> SRC=172.30.254.2 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF >> PROTO=2 >> Aug 24 08:16:05 4010-Breeze_HO-CM1 user.info kernel: AIF:Dropped MODEM >> packet: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:18:a6:f7:c7:3a:2c:08:00 >> SRC=172.30.254.2 DST=172.30.254.255 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=0 >> DF PROTO=UDP SPT=138 DPT=138 LEN=221 >> >> It does say Dropped MODEM packet rather than Dropped INPUT packet though so >> it did something. >> All log denied entries are unchecked. >> >> Regards >> Michael Knill >> >> -----Original Message----- >> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> >> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> >> Date: Tuesday, 23 August 2016 at 11:25 PM >> To: AstLinux List <astlinux-users@lists.sourceforge.net> >> Subject: Re: [Astlinux-users] Arno firewall logs >> >> Hi Michael, >> >> There is a firewall plugin for that, "dsl-ppp-modem": >> https://doc.astlinux.org/userdoc:tt_firewall_plugins#dsl-ppp-modem >> >> That plugin only adds firewall rules, no routes or IP address. It seems >> defining MODEM_IF to the PPPoE external interface is the only required >> setting. >> >> Also check your Firewall sub-tab and uncheck all the "Log Denied ..." >> entries to minimize logging. >> >> Lonnie >> >> >> On Aug 23, 2016, at 6:46 AM, Michael Knill >> <michael.kn...@ipcsolutions.com.au> wrote: >> >>> Hi group >>> >>> Unfortunately Im not that good on the firewall config. >>> I have an external PPPoE modem on eth0 which I access via an IP Address >>> configured in rc.elocal. >>> Unfortunately I have recently installed a VDSL2 modem that's trying to be >>> cleverer than I want it to be and it is filling up my logs with firewall >>> denies from broadcast and multicast traffic: >>> >>> Is there any way I can stop logging on this interface? >>> >>> Regards >>> Michael Knill >>> >>> ------------------------------------------------------------------------------ >>> _______________________________________________ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org. >>> >>> >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. >> >> > > > ------------------------------------------------------------------------------ > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > ------------------------------------------------------------------------------ > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > ------------------------------------------------------------------------------ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. ------------------------------------------------------------------------------ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
