Rainer Dorsch wrote:
> loc eth0 detect tcpflags,nosmurfs,detectnets
>
> which had a detectnets.
>
> loc eth0 detect tcpflags,nosmurfs
>
> works well.
>
> The documentation says
>
> # detectnets - Automatically tailors the zone named
> # in the ZONE column to include only those
> # hosts routed through the interface.
>
> Seems that this also affected the broadcast packets (dhcpdiscover). Is
> removing the detectnets the recommended solution?
Yes. The 'detectnets' option was a really bad idea and has been removed from Shorewall-perl. Consequently, if you ever migrate to Shorewall 4.0 with Shorewall-perl, you will have no choice but to delete the option anyway.

The problem is not the broadcast address itself but the fact that DHCPDISCOVER packets have SOURCE IP address 0. That address won't be in any detected zone.

-Tom

-- 
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA     \ [EMAIL PROTECTED]
PGP Public Key     \ https://lists.shorewall.net/teastep.pgp.key
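As an added illustration (not Shorewall's own code and not part of the thread), the following Python models what 'detectnets' does: it derives the zone's member networks from the routes on the interface (constructed `ip route` output) and then checks whether a DHCPDISCOVER, whose source address is 0.0.0.0, is a member. The route lines, interface name and helper names are assumptions; the model skips the default route, which is a simplification.

```python
import ipaddress
from dataclasses import dataclass

# Constructed 'ip route' output (assumption, not taken from the thread).
ROUTE_TABLE = """\
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
10.0.0.0/8 via 192.168.1.254 dev eth0
default via 203.0.113.1 dev eth1
"""

def detect_nets(route_text, iface):
    """Model of 'detectnets': collect the networks routed through iface.
    The default route is skipped (simplified assumption)."""
    nets = []
    for line in route_text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue
        if "dev" in fields and fields[fields.index("dev") + 1] == iface:
            nets.append(ipaddress.ip_network(fields[0]))
    return nets

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

# A DHCPDISCOVER as a client emits it: source 0.0.0.0, broadcast destination.
DHCPDISCOVER = Packet("0.0.0.0", "255.255.255.255", 68, 67)
# A request from a host that already holds a lease, for comparison.
LAN_CLIENT = Packet("192.168.1.20", "192.168.1.1", 68, 67)

def in_zone(pkt, iface, detectnets):
    """Is pkt's source accepted as a member of the zone defined on iface?
    Without detectnets every source arriving on iface belongs to the zone;
    with it, only sources inside the detected networks do."""
    if not detectnets:
        return True
    src = ipaddress.ip_address(pkt.src)
    return any(src in net for net in detect_nets(ROUTE_TABLE, iface))

if __name__ == "__main__":
    for flag in (True, False):
        for pkt in (DHCPDISCOVER, LAN_CLIENT):
            member = in_zone(pkt, "eth0", flag)
            print(f"detectnets={flag!s:5} src={pkt.src:15} in zone: {member}")
```

With detectnets the 0.0.0.0 source falls outside every detected network and the DHCPDISCOVER is not treated as zone traffic; without it, the packet is accepted like any other arriving on eth0.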
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
