On Tue, 24 Aug 2004, Jason J. Ellingson wrote:
>
> I have a /28 IP block
>
> WAN and DMZ are bridged (filtered bridge)
> LAN and DMZ are on same switch (all my servers have both a 192.x.x.x IP and
> a real IP)
>
> LAN has two rules:
> FROM 192.x.x.x * TO * * ALLOW NOLOG
> FROM * * TO * * BLOCK NOLOG
>
> DMZ has similar rules:
> FROM 209.x.x.x * TO * * ALLOW NOLOG
> FROM * * TO * * BLOCK NOLOG
>
> I added the two blocks without logging because the switch sometimes still
> sends packets out all its ports... so the LAN port sees a DMZ packet on
> occasion.
>
> Here's the problem... m0n0wall is still logging the 209.x.x.x packets that
> show up on the LAN port instead of not logging them like it should.
>
> Same for DMZ... it logs seeing 192.x.x.x packets.

It sounds like it's running afoul of internal "anti-spoofing" rules. You
can check by looking at what rule # is being blamed for the log entry. If
so, the only way to get rid of the logging is to disable the "default
rule" logging.
Fred Wright |
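A small model of first-match rule evaluation, added here as an illustration and not code from m0n0wall or from either poster: a built-in anti-spoofing rule sits ahead of the user's rules, so the user's NOLOG block never gets a chance to match and the log entry names the built-in rule's number, which is exactly what checking the blamed rule number would reveal. Rule numbers, the 192.168.1.0/24 subnet and the 203.0.113.7 address are constructed stand-ins for the poster's 192.x.x.x and 209.x.x.x blocks, and the ordering of built-in rules before user rules is an assumption about the firewall, not a statement of m0n0wall's implementation.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    number: int
    action: str      # "allow" or "block"
    log: bool        # whether a match produces a log entry
    src: str         # source network, or "*" for any source
    negate: bool     # True means "source NOT in src" (anti-spoofing style)
    origin: str      # "builtin" (anti-spoofing/default rule) or "user"


def matches(rule: Rule, src_ip: str) -> bool:
    if rule.src == "*":
        return True
    hit = ip_address(src_ip) in ip_network(rule.src)
    return not hit if rule.negate else hit


def evaluate(rules, src_ip):
    """First matching rule decides; returns (action, logged, rule_number, origin)."""
    for r in rules:
        if matches(r, src_ip):
            return (r.action, r.log, r.number, r.origin)
    return ("block", True, None, "builtin")  # implicit default deny, logged


def lan_rules(log_default_rules: bool = True):
    lan_net = "192.168.1.0/24"  # constructed stand-in for the poster's 192.x.x.x LAN
    return [
        # Assumed built-in anti-spoofing rule: a packet arriving on the LAN port
        # with a non-LAN source is blocked before any user rule is consulted.
        Rule(1, "block", log_default_rules, lan_net, True, "builtin"),
        # The poster's two LAN rules: allow from the LAN subnet, block the rest, no logging.
        Rule(2, "allow", False, lan_net, False, "user"),
        Rule(3, "block", False, "*", False, "user"),
    ]


if __name__ == "__main__":
    stray_dmz_pkt = "203.0.113.7"  # constructed stand-in for a 209.x.x.x DMZ address
    # Blamed rule is #1 (builtin), logged, despite the user's NOLOG block rule.
    print(evaluate(lan_rules(), stray_dmz_pkt))
    # Disabling default-rule logging is the only change that silences it.
    print(evaluate(lan_rules(log_default_rules=False), stray_dmz_pkt))
```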