Brian Marshall <> wrote:

> I'm trying to learn if shorewall can drop/reject PPP LCP traffic.
> I have a Bering/LEAF setup running shorewall and also pppoe for shared DSL 
> connection.  'loc' is eth1, 'net' is ppp0/eth0

> One of the machines in 'loc' zone has an unknown application running that 
> manages to send LCP TERMREQ commands that shutdown the pppoe link, which 
> obviously affects all users.

Presumably there's no problem blocking all PPPoE traffic from the loc zone ?

As I understand it, LCP is embedded in PPP packets - so simply blocking all PPP 
packets from the loc zone should do it. While looking for good information to 
supplement my rather vague and hazy memory, I found this which seems very good 
at explaining how it all fits together :

Shorewall-users mailing list

Reply via email to