On Tue, Aug 07, 2007 at 07:18:34AM -0700, Tom Eastep wrote:
> Adrian Mak wrote:
> > My firewall is using shorewall 3.0.x and CentOS
> > Recently, I found that firewall is attaching from ARP spoofing..
> > There are a lot of "out of socket memory" in messages log
>
> Shorewall has no capability to filter ARP frames. That must be done using
> the 'arpfilter' utility.

Not that it's likely to help you much, as it's impossible for the receiving host to tell which ARP packets are spoofed. ARP always originates on the local network, so look at which interface it is coming from, follow the wire, find the person responsible and hit them repeatedly until they stop. It may be an out-of-control zeroconf device or something trying to use RARP and failing. Printers are common offenders, as their network stacks universally suck.
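
An added example, not part of the original thread: one way to narrow down the source before following the wire is to tally ARP frames per Ethernet source address from a capture taken on the suspect interface. The input format is assumed to be the text output of `tcpdump -e -n arp`, and the sample lines and addresses below are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the style of `tcpdump -e -n arp` output; not from the thread.
SAMPLE = """\
12:00:01.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.50, length 46
12:00:01.000210 00:aa:bb:cc:dd:01 > 00:11:22:33:44:55, ethertype ARP (0x0806), length 60: Reply 192.168.1.1 is-at 00:aa:bb:cc:dd:01, length 46
12:00:01.100000 00:de:ad:be:ef:99 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Reply 192.168.1.1 is-at 00:de:ad:be:ef:99, length 46
12:00:01.200000 00:de:ad:be:ef:99 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Reply 192.168.1.1 is-at 00:de:ad:be:ef:99, length 46
12:00:01.300000 00:de:ad:be:ef:99 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Reply 192.168.1.1 is-at 00:de:ad:be:ef:99, length 46
"""

ARP_LINE = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) > [0-9a-f:]{17}, ethertype ARP .*?: "
    r"(?:Request who-has .*? tell (?P<tell>[\d.]+)"
    r"|Reply (?P<ip>[\d.]+) is-at (?P<mac>[0-9a-f:]{17}))"
)

def summarize(capture_text):
    """Return (frames per Ethernet source MAC, IP -> set of MACs claiming it)."""
    frames = Counter()
    claims = defaultdict(set)
    for line in capture_text.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue  # not an ARP request/reply line we understand
        frames[m["src"]] += 1
        if m["tell"]:
            # A request binds the asking IP to the frame's source MAC.
            claims[m["tell"]].add(m["src"])
        else:
            # A reply binds the IP to the MAC carried in the ARP payload.
            claims[m["ip"]].add(m["mac"])
    return frames, claims

def conflicting_ips(claims):
    """IPs claimed by more than one MAC. This cannot say which claim is genuine."""
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

if __name__ == "__main__":
    frames, claims = summarize(SAMPLE)
    for mac, count in frames.most_common():
        print(f"{mac}  {count} ARP frames")
    for ip, macs in conflicting_ips(claims).items():
        print(f"{ip} claimed by {', '.join(macs)}")
```

The noisiest source MAC is the one to look up in the switch's address table to find the physical port; the conflict list only shows that two devices claim an address, not which one is legitimate.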
