> On Jul 3, 2015, at 19:48, Tom Eastep <[email protected]> wrote:
> 
> On 7/2/2015 1:38 PM, Cyril Lashkevich wrote:
>> Hello,
>> 
>> I have a DHCP server running on the firewall. But DHCP requests are
>> dropped by rpfilter, when this option is enabled for loc interface:
>> 
>> /etc/shorewall/interfaces
>> net     enp5s0 rpfilter,dhcp,nosmurfs,logmartians,sourceroute=0
>> loc enp6s0 rpfilter,dhcp,nosmurfs,logmartians
>> 
>> Log:
>> Jul 02 23:21:03 Sardegna kernel: Shorewall:rplog:DROP:IN=enp6s0 OUT=
>> MAC=ff:ff:ff:ff:ff:ff:78:97:68:45:0d:7f:08:00 SRC=0.0.0.0
>> DST=255.255.255.255 LEN=375 TOS=0x00 PREC=0x00 TTL=64 ID=51364
>> PROTO=UDP SPT=68 DPT=67 LEN=355
>> Jul 02 23:21:07 Sardegna kernel: Shorewall:rplog:DROP:IN=enp6s0 OUT=
>> MAC=ff:ff:ff:ff:ff:ff:78:97:68:45:0d:7f:08:00 SRC=0.0.0.0
>> DST=255.255.255.255 LEN=375 TOS=0x00 PREC=0x00 TTL=64 ID=58639
>> PROTO=UDP SPT=68 DPT=67 LEN=355
>> Jul 02 23:21:15 Sardegna kernel: Shorewall:rplog:DROP:IN=enp6s0 OUT=
>> MAC=ff:ff:ff:ff:ff:ff:78:97:68:45:0d:7f:08:00 SRC=0.0.0.0
>> DST=255.255.255.255 LEN=375 TOS=0x00 PREC=0x00 TTL=64 ID=59979
>> PROTO=UDP SPT=68 DPT=67 LEN=355
>> 
>> DHCP works as expected without rpfilter option for the loc interface.
>> 
>> Is it possible to use rpfilter on interfaces, on which DHCP server is 
>> listening?
>> `shorewall dump` is attached.
> The attached patch should correct the problem.
> 
>    patch /path/to/Shorewall/Misc.pm < RPFILTER.patch
> 
> Regards,
> -Tom
> 
> -- 
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
> 
> <RPFILTER.patch>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

Thanks, works fine with patch.


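An added example, not part of the thread and not Shorewall's own code: a small triage script for `Shorewall:rplog:DROP` entries like the ones quoted above, separating DHCP client broadcasts (SRC=0.0.0.0, DST=255.255.255.255, UDP 68 to 67) from other reverse-path drops per interface. The sample log is constructed (host name, interface names, MACs and addresses are placeholders), and one log entry per line is assumed.

```python
import re
from collections import Counter

# Constructed sample in the kernel log format quoted in the thread;
# host, interfaces, MACs and addresses are placeholders.
SAMPLE_LOG = """\
Jul 02 23:21:03 fw kernel: Shorewall:rplog:DROP:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:00:00:01:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=375 TOS=0x00 PREC=0x00 TTL=64 ID=51364 PROTO=UDP SPT=68 DPT=67 LEN=355
Jul 02 23:22:10 fw kernel: Shorewall:rplog:DROP:IN=eth1 OUT=eth0 MAC=02:00:00:00:00:02:02:00:00:00:00:03:08:00 SRC=203.0.113.9 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 PROTO=TCP SPT=40000 DPT=443
Jul 02 23:22:11 fw kernel: Shorewall:net-fw:DROP:IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.1 LEN=40 PROTO=TCP SPT=1234 DPT=23
"""

# Log prefix as it appears in the quoted log: Shorewall:<chain>:<verdict>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<verdict>[^:]+):(?P<fields>.*)$")

def parse(line):
    """Return chain, verdict and KEY=VALUE fields of one entry, or None."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "verdict": m["verdict"]}
    for tok in m["fields"].split():
        key, _, val = tok.partition("=")
        rec.setdefault(key, val)  # LEN occurs twice; keep the first (IP length)
    return rec

def is_dhcp_client_broadcast(rec):
    """True for the packet shape in the thread: 0.0.0.0:68 -> 255.255.255.255:67/UDP."""
    return (rec.get("PROTO") == "UDP"
            and rec.get("SPT") == "68" and rec.get("DPT") == "67"
            and rec.get("SRC") == "0.0.0.0"
            and rec.get("DST") == "255.255.255.255")

def triage(log_text, chain="rplog"):
    """Count entries from the given chain per (input interface, kind)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["chain"] != chain:
            continue  # not a Shorewall entry, or logged by another chain
        kind = "dhcp-client-broadcast" if is_dhcp_client_broadcast(rec) else "other"
        counts[(rec.get("IN", "?"), kind)] += 1
    return counts

if __name__ == "__main__":
    for (iface, kind), n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{iface:8} {kind:24} {n}")
```

A non-zero `dhcp-client-broadcast` count on an interface that has both `rpfilter` and `dhcp` set matches the symptom reported in this thread; the `other` bucket holds the drops that still need individual review.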