On Tue, 16 Sep 2003, Ray Olszewski wrote:

> Matt (and Tom) --
>
> I'm perhaps a bit hazy on my RFC1918 rules, but the Shorewall list I see
> Matt reporting includes a lot of Class A blocks that I did not know were
> part of the RFC1918 exclusions. One of them is what is catching the example
> packet Matt posts.
>
> The example packet is:
>
> Sep 16 09:12:31 hub kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=eth1
> SRC=82.82.76.144 DST=10.2.3.4 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=29083
> DF PROTO=TCP SPT=4535 DPT=6885 WINDOW=30370 RES=0x00 SYN URGP=0
>
> The rule that catches it is this one, which matches the *source* address:
>
> 209 11072 logdrop ah -- * * 82.0.0.0/7 0.0.0.0/0
>
The 'norfc1918' option also requests from unallocated address blocks. If you
don't upgrade your Shorewall version for 9-10 months, you get this sort of
problem.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
Shoreline,       \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]

-------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
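An added example, not part of this thread and not Shorewall's own code: a small Python script that parses the log line quoted above and checks the SRC and DST addresses against the three real RFC 1918 ranges and against a constructed stand-in for the stale "unallocated block" entries the norfc1918 option also drops. It shows why the packet was dropped (the source 82.82.76.144 matches the 82.0.0.0/7 entry from the quoted iptables rule, not an RFC 1918 range) and flags such drops as likely false positives from an out-of-date list. The STALE_BOGON_NETS list and the function names are assumptions for the example, not Shorewall's rfc1918 file.

```python
import ipaddress
import re

# Constructed copy of the log line quoted in the thread.
SAMPLE_LOG = (
    "Sep 16 09:12:31 hub kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=eth1 "
    "SRC=82.82.76.144 DST=10.2.3.4 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=29083 "
    "DF PROTO=TCP SPT=4535 DPT=6885 WINDOW=30370 RES=0x00 SYN URGP=0"
)

# The three address blocks RFC 1918 actually reserves for private use.
RFC1918_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Hypothetical stand-in for the "unallocated block" entries the norfc1918 option
# also drops. 82.0.0.0/7 is the entry from the iptables rule quoted in the thread;
# this list is constructed for the example and is not Shorewall's rfc1918 file.
STALE_BOGON_NETS = [ipaddress.ip_network(n) for n in ("82.0.0.0/7",)]

LOG_RE = re.compile(
    r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):"  # e.g. rfc1918:DROP
    r".*?\bSRC=(?P<src>[0-9.]+)"
    r".*?\bDST=(?P<dst>[0-9.]+)"
)


def parse_shorewall_line(line):
    """Pull chain, action, SRC and DST out of a Shorewall log line; None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {
        "chain": m.group("chain"),
        "action": m.group("action"),
        "src": m.group("src"),
        "dst": m.group("dst"),
    }


def classify(addr):
    """Return ('rfc1918', net), ('stale-bogon', net) or ('public', None) for an address."""
    ip = ipaddress.ip_address(addr)
    for net in RFC1918_NETS:
        if ip in net:
            return ("rfc1918", str(net))
    for net in STALE_BOGON_NETS:
        if ip in net:
            return ("stale-bogon", str(net))
    return ("public", None)


def explain_drop(line):
    """Explain an rfc1918-chain drop: which address matched which list.

    The quoted rule matches the *source* address, so a private DST (10.2.3.4 behind
    the firewall) is not what triggered the drop; a source that only matches a
    stale unallocated-block entry is a likely false positive from an old list.
    """
    fields = parse_shorewall_line(line)
    if fields is None or fields["chain"] != "rfc1918":
        return None
    src_kind, src_net = classify(fields["src"])
    dst_kind, dst_net = classify(fields["dst"])
    return {
        "src": fields["src"],
        "src_kind": src_kind,
        "src_net": src_net,
        "dst": fields["dst"],
        "dst_kind": dst_kind,
        "dst_net": dst_net,
        "false_positive_suspect": src_kind == "stale-bogon",
    }


if __name__ == "__main__":
    print(explain_drop(SAMPLE_LOG))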
