| View previous topic :: View next topic |
| Author |
Message |
mzet
n00b
Joined: 26 May 2005
Posts: 41
Location: Poland
|
 Posted: Sat Feb 04, 2006 4:32 pm Post subject: iptables in gentoo |
 |
|
| I found in /etc/init.d/net that iptables is started before net (before net in depends function), but is this true? I'm using dhcpcd and after checking it's logs I found that dhcpcd has connected with dhcp server even though in my iptables rules i'm blocking incomming broadcast traffic. |
|
| Back to top |
|
 |
magic919
Advocate
Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK
|
| Posted: Sat Feb 04, 2006 5:41 pm Post subject: |
|
|
| The traffic from the DHCP will be unicast, surely. |
|
| Back to top |
|
|
mzet
n00b
Joined: 26 May 2005
Posts: 41
Location: Poland
|
| Posted: Sun Feb 05, 2006 12:22 pm Post subject: |
|
|
| Yeah, You are right it's unicast, only boot state is broadcast (DHCPDISCOVER and DHCPOFFER). My mistake. But even when I'm blocking all the incoming traffic dhcpcd successfully comunicates with dhcp server. Conclusion: firewall doesn't work when it happens. |
|
| Back to top |
|
|
magic919
Advocate
Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK
|
| Posted: Sun Feb 05, 2006 12:35 pm Post subject: |
|
|
| When you say blocking all incoming traffic, do you mean ALL? You don't have an accept related, established rule that would let the packets through? |
|
| Back to top |
|
|
mzet
n00b
Joined: 26 May 2005
Posts: 41
Location: Poland
|
| Posted: Mon Feb 06, 2006 2:56 pm Post subject: |
|
|
| Yup, for testing purposes I commented out all my input rules and set policy to drop. |
|
| Back to top |
|
|
AllenJB
Veteran
Joined: 02 Sep 2005
Posts: 1285
|
| Posted: Mon Feb 06, 2006 3:09 pm Post subject: |
|
|
| mzet wrote: | | Yup, for testing purposes I commented out all my input rules and set policy to drop. |
Did you restart iptables after making these changes?
Allen |
|
| Back to top |
|
|
|
Networking & Security
