Hervé, I think that you are thinking of 0.0.0.0/0 which is the 'any'
address, not '0.0.0.0/32'.



On 21 March 2014 16:17, Tom Eastep <[email protected]> wrote:

> On 3/21/2014 8:19 AM, Hervé Werner wrote:
> > Hello.
> >
> > I was studying the smurf protection and was astonished to see that a
> > RETURN rule without any IP restriction is written first in the chain:
> >       -A smurfs -s 0.0.0.0/32 -j RETURN
> >       -A smurfs -m addrtype --src-type BROADCAST -g smurflog
> >       -A smurfs -s 224.0.0.0/4 -g smurflog
> >
> > That means that all packets will return and none will go into the
> > smurflog chain (and then be dropped), right?
>
> No -- that says that if the source IP address is zero, then we return.
> That is necessary in order to not break DHCP.
>
> >
> > I tested the smurf attack to see how Shorewall would behave,
> > unfortunately the current Linux kernel considers them to be martians and
> > thus prevents them from reaching Shorewall.
> >
> >
> > I'm also wondering why Shorewall is sometimes using "addrtype MULTICAST"
> > and other times as above "-s 224.0.0.0/4"?
>
> Just depends on when the code was written.
>
> >
> > Information about my setup: Shorewall version 4.5.21.7 fetched from
> > Debian testing repository.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
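The /32 versus /0 distinction from this thread, as an added example that is not part of the original messages and is not Shorewall code: a small model that walks the three quoted `smurfs` rules in order for a few source addresses. `LOCAL_NETWORKS`, the sample addresses and the approximation of the `addrtype` BROADCAST match are assumptions made for illustration.

```python
import ipaddress

# Assumption: the firewall's directly connected networks (constructed sample).
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
MULTICAST = ipaddress.ip_network("224.0.0.0/4")


def is_broadcast(src, local_networks):
    """Rough stand-in for '-m addrtype --src-type BROADCAST'."""
    return src == LIMITED_BROADCAST or any(
        src == net.broadcast_address for net in local_networks
    )


def smurfs_chain(src, first_rule="0.0.0.0/32", local_networks=LOCAL_NETWORKS):
    """Walk the three quoted rules in order and report which one decides."""
    src = ipaddress.ip_address(src)
    # -A smurfs -s 0.0.0.0/32 -j RETURN
    if src in ipaddress.ip_network(first_rule):
        return "RETURN (rule 1)"
    # -A smurfs -m addrtype --src-type BROADCAST -g smurflog
    if is_broadcast(src, local_networks):
        return "smurflog (rule 2)"
    # -A smurfs -s 224.0.0.0/4 -g smurflog
    if src in MULTICAST:
        return "smurflog (rule 3)"
    return "RETURN (end of chain)"


# Constructed source addresses: DHCP client with no lease yet, subnet broadcast,
# limited broadcast, multicast, and an ordinary host.
SAMPLES = ["0.0.0.0", "192.168.1.255", "255.255.255.255", "224.0.0.5", "192.168.1.10"]


def compare(samples=SAMPLES):
    """Map each source to (verdict with /32, verdict with /0) for rule 1."""
    return {s: (smurfs_chain(s), smurfs_chain(s, "0.0.0.0/0")) for s in samples}


if __name__ == "__main__":
    for src, (as_written, with_any) in compare().items():
        print(f"{src:16} /32: {as_written:22} /0: {with_any}")
```

With the rule as written, only the all-zero source returns early; with `0.0.0.0/0` every source would return at rule 1 and the two `smurflog` rules would never be reached.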