Re: [m0n0wall] possible bugs in 1.2b5 generic PC

From:	Manuel Kasper <mk at neon1 dot net>
To:	klode dash m0n0wall at cedara dot com
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] possible bugs in 1.2b5 generic PC
Date:	Fri, 25 Feb 2005 11:02:29 +0100

On 24.02.2005 22:17 -0500,  wrote:

> Problem: m0n0wall DHCP log timesamps
>        I'm in America/Montreal timezone (currently 14:34), yet
>        "Diagnostics->DHCP leases" shows "2005/02/24 19:31:29" (five
>        hours later) as the start time of the most recent lease.
> Looks        like it's displaying GMT...or maybe I'm on drugs.

Yep, isc-dhcpd keeps the timestamps in its lease in GMT, and m0n0wall
doesn't currently attempt to convert them.

>             1) IGMP packets still cause log entries, regardless of
>                the block/reject rule
>             2) In the rules display, the "X" icon is red, denoting
>                "block", even when I've set the rule to "reject".
>                Note that other rules which block UDP broadcasts
>                correctly show the "X" icon in orange when I change
>                them to "reject".

The rule edit page says: "Reject only works when the protocol is set
to either TCP or UDP (but not "TCP/UDP") below.", so it's not that
confusing actually. If it's not TCP or UDP, "reject" simply becomes
"block". - I'm not sure why other protocols aren't allowed with ICMP
(the reject stuff was contributed), because that would actually work
with ipfilter, but "TCP/UDP" definitely doesn't because ipfilter will
only accept return-rst when proto = tcp.

- Manuel