[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipcop-svn
Subject:    [Ipcop-svn] SF.net SVN: ipcop:[5365]
From:       owes () users ! sourceforge ! net
Date:       2011-01-22 22:19:24
Message-ID: E1Pglno-0007ST-Vp () sfp-svn-3 ! v30 ! ch3 ! sourceforge ! com
[Download RAW message or body]

Revision: 5365
          http://ipcop.svn.sourceforge.net/ipcop/?rev=5365&view=rev
Author:   owes
Date:     2011-01-22 22:19:24 +0000 (Sat, 22 Jan 2011)

Log Message:
-----------
If a DHCP client wants responses via broadcast, the (dnsmasq) response works but is \
logged in the firewall log. Add a special rule to silently ignore dhcp broadcast \
responses.

Modified Paths:
--------------
    ipcop/trunk/src/scripts/puzzleFwRules.pl

Modified: ipcop/trunk/src/scripts/puzzleFwRules.pl
===================================================================
--- ipcop/trunk/src/scripts/puzzleFwRules.pl	2011-01-22 21:39:01 UTC (rev 5364)
+++ ipcop/trunk/src/scripts/puzzleFwRules.pl	2011-01-22 22:19:24 UTC (rev 5365)
@@ -981,6 +981,8 @@
             foreach $protoPort (@serviceXYZ) {
                 &prepareRule("-A FW_IPCOP -i $FW::interfaces{$inIface}{'IFACE'} \
$protoPort -j ACCEPT");  }
+            # Add a firewall log filter for DHCP broadcast responses
+            &prepareRule("-A FW_IPCOP -i $FW::interfaces{$inIface}{'IFACE'} -p udp \
--sport 67 --dport 68 -j DROP");  
             if ($ifacePolicies{$inIface}{'ADDRESSFILTER'} eq 'on') {
                 $doUpdateWirelessRules = 1;
@@ -1032,6 +1034,8 @@
             # Some IPCop services for Green
             if ($FW::interfaces{$inIface}{'COLOR'} =~ /^GREEN_COLOR$/) {
                 @ipcopServices = ('IPCop dhcp', 'IPCop dns', 'IPCop ntp', 'IPCop \
proxy', 'IPCop http', 'Ping'); +                # Add a firewall log filter for DHCP \
broadcast responses +                &prepareRule("-A FW_IPCOP -i \
$FW::interfaces{$inIface}{'IFACE'} -p udp --sport 67 --dport 68 -j DROP");  }
             # Some IPCop services for Blue (DHCP, IPsec, OpenVPN are already opened \
above)  if ($FW::interfaces{$inIface}{'COLOR'} =~ /^BLUE_COLOR$/) {


This was sent by the SourceForge.net collaborative development platform, the world's \
largest Open Source development site.

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Ipcop-svn mailing list
Ipcop-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-svn


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic