Brian Marshall <brian351...@yahoo.com> wrote:

> I'm trying to learn if shorewall can drop/reject PPP LCP traffic.
> 
> I have a Bering/LEAF setup running shorewall and also pppoe for shared DSL 
> connection.  'loc' is eth1, 'net' is ppp0/eth0

> One of the machines in 'loc' zone has an unknown application running that 
> manages to send LCP TERMREQ commands that shutdown the pppoe link, which 
> obviously affects all users.

Presumably there's no problem blocking all PPPoE traffic from the loc zone ?

As I understand it, LCP is embedded in PPP packets - so simply blocking all PPP 
packets from the loc zone should do it. While looking for good information to 
supplement my rather vague and hazy memory, I found this which seems very good 
at explaining how it all fits together :
http://www.tcpipguide.com/free/t_PointtoPointProtocolPPP.htm


------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to