 
 From:  David Rodgers <david dot rodgers at kdsi dot net>
 To:  rjspence at tampabay dot rr dot com
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Non-IP blocking?
 Date:  Mon, 10 May 2004 12:16:07 -0500
So far I am only using m0n0 at home but I don't see ANYTHING from
outside coming into my network. Is your box running in bridge mode? The
default rule is deny everything already, isn't it? Or am I a bit daft?

That MAC shows up to be either equipment by or OEMed from

http://www.cameo.com.tw/

Are you sure you don't have a loop from your outside network in or a
compromised box on the inside spoofing ARP? A wireless connection that
isn't secure?

Just throwing a bunch of stuff out there but I am not seeing anything
like this.

David

On Mon, 2004-05-10 at 12:04, rjspence wrote:
> Yeah,
> 
> Arp firewalling would be great. I tried 
> iptables -A INPUT -m mac --mac-source 00:40:f4:11:71:b6 -j DROP
> on iptables internal machine. It too was unsuccessful.  I like a default deny 
> firewall. Just downloaded this today to give a run. It would be nice to block 
> arp/mac/ip as well.
> 
> 
> On Monday 10 May 2004 12:54 pm, Eric Shorkey wrote:
> > ARP firewalling support would be great too. Not a big deal when m0n0wall is
> > in router mode, since ARP is too low in the OSI model, but in bridging mode
> > it would be useful.
> >
> > ----- Original Message -----
> > From: "rjspence" <rjspence at tampabay dot rr dot com>
> > To: <m0n0wall at lists dot m0n0 dot ch>
> > Sent: Monday, May 10, 2004 12:50 PM
> > Subject: [m0n0wall] Non-IP blocking?
> >
> > > I did a new cdrom install and ran Iptraf on an internal slack machine.
> > > Immediately I noticed incoming NON-IP packets coming from this mac address
> > > eth.src == 00:40:f4:11:71:b6 . This was confirmed by ethereal. Does monowall
> > > block mac's or non-ip? I've taken a look at all my mac addresses and the above
> > > mac is not within my network configuration.
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> 
> 
>
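
As an added example (not from any participant in this thread), the following Python classifies captured Ethernet frames by EtherType and counts non-IP frames whose source MAC is missing from a host inventory, which is the check described in the original question. The inventory MAC and the sample frames are constructed; only 00:40:f4:11:71:b6 comes from the thread.

```python
import struct

# IEEE EtherType values; anything below 0x0600 is an 802.3 length field.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def classify(frame):
    """Return (source MAC, protocol label) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src = fmt_mac(frame[6:12])
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype == 0x8100 and len(frame) >= 18:  # 802.1Q tag: real type follows
        (etype,) = struct.unpack("!H", frame[16:18])
    if etype < 0x0600:
        return src, "802.3/LLC"
    return src, ETHERTYPES.get(etype, f"0x{etype:04x}")

def unexpected_non_ip(frames, known_macs):
    """Count non-IP frames per source MAC that is not in the inventory."""
    known = {m.lower() for m in known_macs}
    hits = {}
    for frame in frames:
        src, proto = classify(frame)
        if proto in ("IPv4", "IPv6") or src in known:
            continue
        per_mac = hits.setdefault(src, {})
        per_mac[proto] = per_mac.get(proto, 0) + 1
    return hits

def mk(dst, src, etype, payload=b"\x00" * 46):
    """Build a constructed test frame from colon-separated MAC strings."""
    to_bytes = lambda m: bytes.fromhex(m.replace(":", ""))
    return to_bytes(dst) + to_bytes(src) + struct.pack("!H", etype) + payload

# Constructed inventory and frames; only 00:40:f4:11:71:b6 is from the thread.
KNOWN = ["02:00:00:00:00:01"]
BCAST, ODD = "ff:ff:ff:ff:ff:ff", "00:40:f4:11:71:b6"
SAMPLE = [
    mk(BCAST, ODD, 0x0806),                  # ARP from the unlisted MAC
    mk(BCAST, ODD, 0x0026),                  # 802.3 length field, LLC payload
    mk(KNOWN[0], ODD, 0x0800),               # IPv4, ignored by this check
    mk(BCAST, KNOWN[0], 0x0806),             # ARP from an inventoried host
]

if __name__ == "__main__":
    print(unexpected_non_ip(SAMPLE, KNOWN))
```

The protocol label per source MAC shows which layer a filter would have to act on: ARP and 802.3/LLC frames are not IP packets, so an IP-level packet filter rule never evaluates them.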