Shorewall users - Oct 2004 - builtin action dropBcast - How to disable? - I''m not subscribed to the mailing list

Hi all,
I''m using Fedora Core 2, kernel 2.6.5. I''ve
installed shorewall 2.1.9 from rpm package.
 It seems that there is a builtin action called
"dropBcast" drops all broadcast packages on my
ethernet interfaces base on package type
"pkttype=broadcast". For a particular reason, I
need all traffics of broadcast packages are
allowed to pass my ethernet interfaces.
 I''ve searched for days on shorewall''s
FAQ,troubleshooting information, errata and
mailing list archives as well, but couldn''t find
the answer. Therefore, I write you to ask for
help. Please guide me how to allow broadcast
traffice on my system. Thank you very much for
your help.
 Best regards,
Le Ngoc My
(I am not subscribled to the mailing list) 



		
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com

Look in /usr/share/shorewall that is probably where the files are.  you 
will need to remove dropBcast from the action.Drop and action.Reject.

Todd

Le wrote:
> Hi all,
>  I''m using Fedora Core 2, kernel 2.6.5. I''ve
> installed shorewall 2.1.9 from rpm package.
>  It seems that there is a builtin action called
> "dropBcast" drops all broadcast packages on my
> ethernet interfaces base on package type
> "pkttype=broadcast". For a particular reason, I
> need all traffics of broadcast packages are
> allowed to pass my ethernet interfaces.
>  I''ve searched for days on shorewall''s
> FAQ,troubleshooting information, errata and
> mailing list archives as well, but couldn''t find
> the answer. Therefore, I write you to ask for
> help. Please guide me how to allow broadcast
> traffice on my system. Thank you very much for
> your help.
>  Best regards,
> Le Ngoc My
> (I am not subscribled to the mailing list) 
> 
> 
> 
> 		
> _______________________________
> Do you Yahoo!?
> Declare Yourself - Register online to vote today!
> http://vote.yahoo.com
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm

Todd wrote on 07/10/2004 01:24:12:

> Look in /usr/share/shorewall that is probably where the files are.  you 
> will need to remove dropBcast from the action.Drop and action.Reject.
I think you should not change anything directly into /usr/share/shorewall, 
or else you could loose it in the next upgrade.  You should copy the files 
action.Drop and action.Reject to your /etc/shorewall directory and make 
the changes there.
> 
> Todd
> 
> Le wrote:
> > Hi all,
> >  I''m using Fedora Core 2, kernel 2.6.5. I''ve
> > installed shorewall 2.1.9 from rpm package.
> >  It seems that there is a builtin action called
> > "dropBcast" drops all broadcast packages on my
> > ethernet interfaces base on package type
cheers,

________________________
Eduardo Ferreira
Icatu Holding S.A.
Supervisor de TI
(5521) 3804-8606

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eduardo Ferreira wrote:
> Todd wrote on 07/10/2004 01:24:12:
>
>
>
>>Look in /usr/share/shorewall that is probably where the files are.  you
>>will need to remove dropBcast from the action.Drop and action.Reject.
>
> I think you should not change anything directly into
/usr/share/shorewall,
> or else you could loose it in the next upgrade.  You should copy the
files
> action.Drop and action.Reject to your /etc/shorewall directory and make
> the changes there.
>
>>Todd
>>
>>Le wrote:
>>
>>>Hi all,
>>> I''m using Fedora Core 2, kernel 2.6.5. I''ve
>>>installed shorewall 2.1.9 from rpm package.
>>> It seems that there is a builtin action called
>>>"dropBcast" drops all broadcast packages on my
>>>ethernet interfaces base on package type
>
>
This whole thread is off-base. I seem to have to explain this every
month or so but here goes again.

The ''Reject'' and ''Drop'' common actions are
*ONLY THERE TO AVOID LOG
CLUTTER*. They are only invoked *JUST BEFORE THE PACKET IS GOING TO BE
REJECTED OR DROPPED ANYWAY*. So removing dropBast from Drop and Reject
*WILL ONLY CAUSE THESE REJECTED AND DROPPED BROADCASTS TO BE LOGGED*
thereby filling your log with useless messages.

*IN NO CASE DO THESE ACTIONS CAUSE TRAFFIC TO BE DROPPED/REJECTED THAT
WOULD NOT BE DROPPED/REJECTED ANYWAY*

So whatever the original poster''s problem with broadcasts is, it
*ISN''T
THE COMMON ACTIONS*.

- -Tom
- --
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBZV52O/MAbZfjDLIRAtqrAJ9xss5s7ogSHusWNcCkjEHJ0NFH0ACeN2QI
Wvknecs399GoFzZ+L7kMmSo=3j7f
-----END PGP SIGNATURE-----