Package: fwbuilder Version: 4.1.3-2 Severity: normal Tags: upstream
I move my laptop between several networks. On some of them there is a lot of broadcast noise that I don't care about, but also don't want cluttering the logs due to the default DENY w/ logging. Therefore I attempted to match it with a deny w/o logging rule first. The broadcasts are to the local (IPv4) network broadcast addres, 10.61.255.255 in this case. So I constructed an Address object of 10.61.255.255, and a rule with Source: Any, Destination: that address object, Service: the UDP services in question, Direction: Inbound and Action: Deny. Compiling this rule into iptables shows that it places an entry into the FORWARD chain to implement this. This is incorrect, since the broadcast packet will be processed on the INPUT chain.] I am guessing that this mistake is because the laptop firewall's interfaces are all dynamic address, and fwbuilder therefore can't use the interface netmasks to determine that the address is a broadcast at compile time. This seriously limits fwbuilder's usability on a dynamic address system. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: i386 (x86_64) Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages fwbuilder depends on: ii fwbuilder-common 4.1.3-2 Firewall administration tool GUI ( ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib ii libfwbuilder9 [libfwbui 4.1.3-2 Firewall Builder API library ii libgcc1 1:4.6.0-2 GCC support library ii libqt4-dbus 4:4.7.2-3 Qt 4 D-Bus module ii libqt4-network 4:4.7.2-3 Qt 4 network module ii libqtcore4 4:4.7.2-3 Qt 4 core module ii libqtgui4 4:4.7.2-3 Qt 4 GUI module ii libsnmp15 5.4.3~dfsg-2 SNMP (Simple Network Management Pr ii libstdc++6 4.6.0-2 The GNU Standard C++ Library v3 ii libxml2 2.7.8.dfsg-2+b1 GNOME XML library ii libxslt1.1 1.1.26-7+b1 XSLT 1.0 processing library - runt ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime Versions of packages fwbuilder recommends: ii fwbuilder-doc 4.1.3-2 Firewall administration tool GUI d fwbuilder suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
