Ralf Schenk wrote:
> Hello !
>
> Relevant information for my setup:
>
> /etc/shorewall/interfaces:
> #ZONE INTERFACE BROADCAST OPTIONS
> #
> - ppp0 - tcpflags,blacklist
> - wlanbr 192.168.100.255 dhcp
>
> /etc/shorewall/hosts:
> #ZONE HOST(S) OPTIONS
> gw ppp0:192.168.1.0/24,XXX.XXX.XXX.XXX/26
> net ppp0:0.0.0.0/0
> loc wlanbr:eth0 nosmurfs
> wlan wlanbr:wlan0 maclist,nosmurfs
>
> /etc/shorewall/rules
> [...]
> # Suppress CUPS browsing
> REJECT $FW wlan udp 63
> [...]
> # Suppress CUPS browsing
> REJECT wlan $FW udp 631
> [...]
> # Allow cups broadcast to local net
> ACCEPT $FW loc udp 631
>
> My problem: The cups (printing system) server that sends out
> announcements as broadcasts fills up my log files with these rejects:
>
> Shorewall:INPUT:REJECT:IN=wlanbr OUT= MAC= SRC=192.168.100.5
> DST=192.168.100.255 LEN=151 TOS=0x00 PREC=0x00 TTL=64 ID=4607 DF
> PROTO=UDP SPT=631 DPT=631 LEN=131
>
> Now my interface wlanbr is not really bound to a shorewall zone... So
> which rule can I specify to at least have no more log entries ?
>
All interfaces *must* be defined to Shorewall.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net