Charly, thanks for your help. I implemented the solution you mentioned and it works
great.
A few small remarks for those who try to do it:

> Create yourself a custom template fragment to deny those packets silently.
> 
> cd /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
> cat > 25IgnoreRIPBroadcast <<EOF
> # deny without logging local RIP broadcasts
> /sbin/ipchains --append input --protocol udp --source 141.51.158.21 route \
>  --destination 141.51.158.255 route --jump deny

"--jump deny" must be written in capital letters --> "--jump DENY"

> EOF
> /sbin/e-smith/expand-template /etc/rc.d/init.d/masq

Without the "/" in front of the path --> 
/sbin/e-smith/expand-template etc/rc.d/init.d/masq

I also had to delete "/etc/rc.d/init.d/masq" beforehand, because I got several
"masq.xxxx" files (xxxx = different numbers) after several expand attempts that ended
in errors. Take care that there are no other files (e.g. 25IgnoreRIPBroadcast~ as a
backup file) in the directory that will be expanded.

> chmod +x /etc/rc.d/init.d/masq
> /etc/rc.d/init.d/masq restart

Added two more files for netbios-dgm and netbios-ns messages:

25IgnoreNETBIOS-dgmBroadcast:
# deny without logging local Netbios-dgm broadcasts
/sbin/ipchains --append input --protocol udp --source \
141.51.158.0/255.255.255.0 netbios-dgm --destination 141.51.158.255 netbios-dgm \
--jump DENY

25IgnoreNETBIOS-nsBroadcast:
# deny without logging local NETBIOS-ns broadcasts
/sbin/ipchains --append input --protocol udp --source \
141.51.158.0/255.255.255.0 netbios-ns --destination 141.51.158.255 netbios-ns \
--jump DENY
/sbin/ipchains --append input --protocol tcp --source \
141.51.158.0/255.255.255.0 netbios-ns --destination 141.51.158.255 netbios-ns \
--jump DENY

141.51.158.0 should be your external NIC address.
I guess the variable "ExternalIP" from /home/e-smith/configuration is also usable
there, but I didn't try that.

Michael Jung
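
Added example, not part of the original post: a pre-expansion check for the pitfalls noted above (a lower-case `--jump` target, backup files in the fragment directory, leftover `masq.xxxx` files). The function name `check_fragments`, the backup suffixes other than `~`, and the assumption that the numbered leftovers sit next to the expanded file are mine; the sample data is constructed.

```shell
#!/bin/sh
# check_fragments FRAGMENT_DIR TARGET
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_fragments() {
    dir=$1 target=$2 status=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
            *~|*.bak|*.orig|*.rpmsave)   # leftovers in the directory get expanded too
                echo "stray file: $name"; status=1; continue ;;
        esac
        # ipchains built-in targets are upper case; flag e.g. "--jump deny".
        awk -v file="$name" '
            /^[ \t]*#/ { next }
            {
                for (i = 1; i <= NF; i++) {
                    if ($i == "\\") continue          # line continuation
                    if (want) {
                        want = 0
                        if (toupper($i) ~ /^(ACCEPT|DENY|REJECT|MASQ|REDIRECT|RETURN)$/ && $i != toupper($i)) {
                            printf "%s:%d: target \"%s\" should be \"%s\"\n", file, NR, $i, toupper($i)
                            bad = 1
                        }
                    } else if ($i == "--jump" || $i == "-j") want = 1
                }
            }
            END { exit bad + 0 }' "$f" || status=1
    done
    # Assumption: failed expansions leave numbered copies next to the target.
    for s in "$target".[0-9]*; do
        if [ -e "$s" ]; then echo "stale output: ${s##*/}"; status=1; fi
    done
    return "$status"
}

# Constructed sample (not from the poster's system): lower-case target plus a backup file.
demo=$(mktemp -d) && mkdir "$demo/frag" "$demo/out"
printf '%s\n' '# deny without logging local RIP broadcasts' \
    '/sbin/ipchains --append input --protocol udp --source 141.51.158.21 route \' \
    ' --destination 141.51.158.255 route --jump deny' > "$demo/frag/25IgnoreRIPBroadcast"
cp "$demo/frag/25IgnoreRIPBroadcast" "$demo/frag/25IgnoreRIPBroadcast~"
: > "$demo/out/masq.1234"
check_fragments "$demo/frag" "$demo/out/masq" || echo "fix the findings before expanding"
rm -rf "$demo"
```

On a real system the two arguments would be the custom fragment directory and the expanded file, i.e. /etc/e-smith/templates-custom/etc/rc.d/init.d/masq and /etc/rc.d/init.d/masq.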

