 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  Paul Dugas <paul at dugas dot cc>
 Cc:  m0n0wall Mailing List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Block IGMP
 Date:  Mon, 06 Jun 2005 21:30:42 +0200
On Monday, 06.06.2005, at 13:00 -0400, Paul Dugas wrote:
> Am I interpreting this right?  I think it's this rule?
> 
>    @3 block in log quick from any to any with ipopt
> 
> I've also grabbed the packets via ethereal and attached the decode.  If
> I'm reading the man page on ifp/ipopt and the ethereal dumps correctly,
> m0n0 doesn't want any IP Options but the packets have a "Router Alert" bit
> set.
I agree with you that this is the cause of your troubles. There isn't
any other way than globally disabling the logging of packets blocked by
the default rule. Sure, you can still make your own image :-(

My suggestion is that we should allow adding incoming rules before the
default ones (for experts only, maybe no GUI for it). Don't know if and
how this would be possible to implement, but I can look through it if
my time allows it.

Ciao ...
	... PIT ...


---------------------------------------------------------------------------
 copyleft(c) by |   _-_     Whip me. Beat me. Make me maintain AIX.  --
 Peter Allgeyer | 0(o_o)0   Stephan Zielinski
---------------oOO--(_)--OOo-----------------------------------------------
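
Added example, not part of the original message or of m0n0wall: a small IPv4 option parser showing why an IGMP packet carrying Router Alert falls under a rule that matches any packet with IP options, as the thread reads the `with ipopt` rule. The function names and the sample packet are constructed for illustration.

```python
import struct

# Option type bytes from RFC 791 and RFC 2113 (Router Alert = 0x94 = 148).
OPTION_NAMES = {0: "End of Option List", 1: "No Operation", 7: "Record Route",
                131: "Loose Source Route", 137: "Strict Source Route",
                148: "Router Alert"}

def has_ip_options(packet: bytes) -> bool:
    """An IHL above 5 words means the IPv4 header carries options."""
    return len(packet) >= 20 and (packet[0] & 0x0F) > 5

def parse_ip_options(packet: bytes):
    """Return [(type, name, data), ...] for the options in an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = packet[0] & 0x0F
    if ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("bad or truncated header length")
    area, opts, i = packet[20:ihl * 4], [], 0
    while i < len(area):
        otype = area[i]
        name = OPTION_NAMES.get(otype, "Unknown")
        if otype == 0:                      # End of Option List, rest is padding
            break
        if otype == 1:                      # No Operation is a single byte
            opts.append((otype, name, b""))
            i += 1
            continue
        if i + 1 >= len(area):
            raise ValueError("option length byte missing")
        olen = area[i + 1]
        if olen < 2 or i + olen > len(area):
            raise ValueError("bad option length")
        opts.append((otype, name, area[i + 2:i + olen]))
        i += olen
    return opts

# Constructed sample: IGMPv2 membership report, IHL=6, TTL=1, protocol 2,
# Router Alert option (94 04 00 00); checksums left at zero.
SAMPLE_IGMP = (struct.pack("!BBHHHBBH4s4s", 0x46, 0xC0, 32, 0, 0, 1, 2, 0,
                           bytes([192, 168, 1, 10]), bytes([224, 0, 0, 251]))
               + bytes([0x94, 0x04, 0x00, 0x00])
               + bytes([0x16, 0, 0, 0, 224, 0, 0, 251]))

if __name__ == "__main__":
    print(has_ip_options(SAMPLE_IGMP), parse_ip_options(SAMPLE_IGMP))
```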