Shorewall users - Jul 2004 - Broadcast on bridging interface always reject

Hello !

Relevant information for my setup:

/etc/shorewall/interfaces:
#ZONE    INTERFACE      BROADCAST       OPTIONS
#
-       ppp0            -               tcpflags,blacklist
-       wlanbr          192.168.100.255 dhcp

/etc/shorewall/hosts:
#ZONE           HOST(S)                         OPTIONS
gw              ppp0:192.168.1.0/24,XXX.XXX.XXX.XXX/26
net             ppp0:0.0.0.0/0
loc             wlanbr:eth0                     nosmurfs
wlan            wlanbr:wlan0                    maclist,nosmurfs

/etc/shorewall/rules
[...]
# Supress CUPS browsing
REJECT          $FW     wlan            udp     63
[...]
# Supress CUPS browsing
REJECT          wlan    $FW             udp     631
[...]
# Allow cups broadcast to local net
ACCEPT          $FW     loc             udp     631

My problem: The cups (printing system) server that sends out 
announcements as broadcasts fills up my log files with these rejects:

Shorewall:INPUT:REJECT:IN=wlanbr OUT= MAC= SRC=192.168.100.5 
DST=192.168.100.255 LEN=151 TOS=0x00 PREC=0x00 TTL=64 ID=4607 DF 
PROTO=UDP SPT=631 DPT=631 LEN=131

Now my interface wlanbr is not really bound to a shorewall zone... So 
which rule can I specify to at least have no more log entries ?

-- 
__________________________________________________

Ralf Schenk

Databay AG
Hüttenstraße 7
D-52068 Aachen
www.databay.de

Databay - einfach machen.

_________________________________________________

Ralf Schenk wrote:
> Hello !
> 
> Relevant information for my setup:
> 
> /etc/shorewall/interfaces:
> #ZONE    INTERFACE      BROADCAST       OPTIONS
> #
> -       ppp0            -               tcpflags,blacklist
> -       wlanbr          192.168.100.255 dhcp
> 
> /etc/shorewall/hosts:
> #ZONE           HOST(S)                         OPTIONS
> gw              ppp0:192.168.1.0/24,XXX.XXX.XXX.XXX/26
> net             ppp0:0.0.0.0/0
> loc             wlanbr:eth0                     nosmurfs
> wlan            wlanbr:wlan0                    maclist,nosmurfs
> 
> /etc/shorewall/rules
> [...]
> # Supress CUPS browsing
> REJECT          $FW     wlan            udp     63
> [...]
> # Supress CUPS browsing
> REJECT          wlan    $FW             udp     631
> [...]
> # Allow cups broadcast to local net
> ACCEPT          $FW     loc             udp     631
> 
> My problem: The cups (printing system) server that sends out 
> announcements as broadcasts fills up my log files with these rejects:
> 
> Shorewall:INPUT:REJECT:IN=wlanbr OUT= MAC= SRC=192.168.100.5 
> DST=192.168.100.255 LEN=151 TOS=0x00 PREC=0x00 TTL=64 ID=4607 DF 
> PROTO=UDP SPT=631 DPT=631 LEN=131
> 
> Now my interface wlanbr is not really bound to a shorewall zone... So 
> which rule can I specify to at least have no more log entries ?
> 
All interfaces *must* be defined to Shorewall.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net