Ray Olszewski wrote:
>
> At 01:03 PM 12/9/01 -0600, Michael D. Schleif wrote:
>
> >I want to silently deny all traffic with destination 255.255.255.255,
> >regardless of source.
> >
> >This is in response to:
> >
> > input DENY eth0 PROTO=17 12.242.20.34:67 255.255.255.255:68
> >
> >Is there any protocol or destination port for which these should *not*
> >be denied?
> ...
>
> It depends on how your router gets its external address. The example you
> gave is a dhcp server replying to an (as yet) unconfigured dhcp client. If
> you need to get your external address via dhcp, you need to allow the very
> example you provided (assuming eth0 is external).

Yes; but, in the case of Dachstein, the rules are *not* in place until
after I negotiate an address for eth0 ;>

> Conversely, if your router acts as a dhcp server, it needs to accept the
> corresponding sorts of requests from dhcp clients on the relevant interface(s).
>
> I believe the Windows sharing services -- the ones that run on port 137-139
> -- make some use of broadcast addresses as well. I don't run them here so
> cannot recall details.
>
> Unless you want to respond to broadcast pings (and why would you?), I can't
> think of any other common services that use broadcast IP packets.

This entry in /etc/ipchains.input appears to do as I need:

$IPCH -I input -j DENY -p all -s 0/0 -d 255.255.255.255 -i $EXTERN_IF

One thing that concerns me is this statement from man ipchains:

``The mask can be either a network mask or a plain number, specifying the
number of 1's at the left side of the network mask. Thus, a mask of 24 is
equivalent to 255.255.255.0.''

Do I need to specify /32?

At this point, I do not know what else can come to me for 255.255.255.0/24
-- so, I'm trying to be careful in what I deny.

If 255.255.255.255 is noise, regardless of port, protocol & source, then
I'm all for keeping it out of my logs . . .

What do you think?

--
Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
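As an added illustration (not from the thread or from Dachstein), a small Python model of the ipchains address/mask semantics quoted above: a mask may be a dotted netmask or a prefix length, and a bare address with no mask is a host match (the same as /32). It replays the logged DHCP reply against the `-d 255.255.255.255` rule, a `/32` variant, and the `/24` variant the poster is worried about; the log line is the one from the thread, the helper names are my own.

```python
import ipaddress

# The kernel log line quoted in the thread (constructed sample input).
LOG_LINE = "input DENY eth0 PROTO=17 12.242.20.34:67 255.255.255.255:68"


def parse_ipchains_addr(spec):
    """Turn an ipchains address spec ("addr", "addr/prefixlen" or
    "addr/netmask") into an ip_network. A bare address matches only
    that host, i.e. it behaves as /32; "0/0" is the any-address form."""
    if "/" not in spec:
        spec += "/32"
    addr, mask = spec.split("/", 1)
    if addr == "0":
        addr = "0.0.0.0"
    # strict=False lets "255.255.255.255/24" mean the 255.255.255.0/24 block.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_log_line(line):
    """Pull interface, protocol number, source and destination out of an
    ipchains "input DENY ..." log line."""
    fields = line.split()
    proto = int(fields[3].split("=", 1)[1])
    src, sport = fields[4].rsplit(":", 1)
    dst, dport = fields[5].rsplit(":", 1)
    return {"iface": fields[2], "proto": proto, "src": src,
            "sport": int(sport), "dst": dst, "dport": int(dport)}


def rule_matches(pkt, iface, dst_spec, proto="all", src_spec="0/0"):
    """Would a rule like '-p PROTO -s SRC -d DST -i IFACE' match pkt?"""
    if pkt["iface"] != iface:
        return False
    if proto != "all" and pkt["proto"] != proto:
        return False
    return (ipaddress.ip_address(pkt["src"]) in parse_ipchains_addr(src_spec)
            and ipaddress.ip_address(pkt["dst"]) in parse_ipchains_addr(dst_spec))


def matching_destinations(dst_spec, candidates):
    """Which of the candidate destination addresses a -d spec would catch;
    shows how much wider a /24 is than the bare (host) form."""
    net = parse_ipchains_addr(dst_spec)
    return [c for c in candidates if ipaddress.ip_address(c) in net]


if __name__ == "__main__":
    pkt = parse_log_line(LOG_LINE)
    for spec in ("255.255.255.255", "255.255.255.255/32", "255.255.255.255/24"):
        print(spec, "->", parse_ipchains_addr(spec), rule_matches(pkt, "eth0", spec))
```

Because the deny rule uses `-p all`, it also matches the DHCP offer on UDP port 68 that the quoted log line shows; that is the trade-off Ray's reply points at for routers that get their external address by DHCP.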