
Re: iptables not logging or dhcp-client lying?



Gabor Kovacs <koga@webigen.com> writes:

> Olaf Meeuwissen wrote:
> 
> > Basically, I'd like to keep the setup as closed as possible so I make
> > a hole in /etc/dhclient-enter-hooks during the PREINIT stage to let
> > the DHCPDISCOVER broadcast out (and a reply back in eventually, taking
> > this one step at a time ;-).  At least, that's what I thought I should
> > do, but I noticed that packets are not logged!
> 
> I think (but not sure) DHCP client is using (so called) raw sockets
> which are below the layer where iptables is in the kernel. That's why
> iptables is unable to see the packets.

Looks like you are right.  I set all built-in chains to LOG and a DROP
policy (no other rules) and my interface configures fine.  Once it is
up there's an incessant stream of logged packets (mainly win-DoS hosts
letting everyone know who and where they are by shouting all over the
subnet and, occasionally, beyond).

Oh well, I guess I can forget about making and plugging holes for the
DHCPDISCOVER (and probably DHCPREQUEST) requests and their replies.
That makes my job easier, but I guess the docs then need a fix ;-)

Thanks,
-- 
Olaf Meeuwissen                            Epson Kowa Corporation, CID
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
LPIC-2               -- I hack, therefore I am --                 BOFH
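The experiment described in the reply above (every built-in chain set to LOG with a DROP policy, then watching what the kernel actually reports) produces a ring buffer full of KEY=VALUE lines. The following script is an added example, not code from either poster or from Debian: it parses iptables LOG lines, counts what was seen per direction, protocol and destination port, lists the hosts broadcasting to the subnet, and checks whether any DHCP traffic (UDP 67/68) ever appeared. The sample log text is constructed to mirror the thread's observation (NetBIOS chatter logged, the DHCP exchange absent); the field names are those of the iptables LOG target, the helper names are this example's own.

```python
import re
from collections import Counter

# Constructed sample, not taken from the mail: what the kernel log might hold
# with every built-in chain logging and a DROP policy.  MAC/TOS/ID fields are
# omitted for brevity; the interface still configured via DHCP, yet no UDP
# 67/68 packet shows up because dhclient talks through packet sockets that sit
# below the netfilter hooks (the conclusion of the thread above).
SAMPLE_LOG = """\
kernel: IN=eth0 OUT= SRC=192.168.1.23 DST=192.168.1.255 LEN=78 TTL=128 PROTO=UDP SPT=137 DPT=137
kernel: IN=eth0 OUT= SRC=192.168.1.42 DST=192.168.1.255 LEN=229 TTL=128 PROTO=UDP SPT=138 DPT=138
kernel: IN=eth0 OUT= SRC=192.168.1.23 DST=192.168.1.255 LEN=78 TTL=128 PROTO=UDP SPT=137 DPT=137
kernel: IN=eth0 OUT= SRC=192.168.1.9 DST=192.168.1.77 LEN=60 TTL=64 PROTO=TCP SPT=51234 DPT=22
kernel: IN= OUT=eth0 SRC=192.168.1.77 DST=192.168.1.1 LEN=60 TTL=64 PROTO=UDP SPT=54321 DPT=53
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")   # one KEY=VALUE token; VALUE may be empty
DHCP_PORTS = {"67", "68"}               # server / client ports of DHCP over UDP


def parse_log_line(line):
    """Turn one LOG line into a dict of its KEY=VALUE fields (IN/OUT may be empty)."""
    return dict(FIELD_RE.findall(line))


def parse_log(text):
    """Parse every line that carries a PROTO= field; other kernel lines are skipped."""
    return [parse_log_line(l) for l in text.splitlines() if "PROTO=" in l]


def is_broadcast(rec):
    """True for the limited broadcast or a /24-style directed broadcast address."""
    dst = rec.get("DST", "")
    return dst == "255.255.255.255" or dst.endswith(".255")


def summarize(records):
    """Count logged packets per (direction, protocol, destination port)."""
    counts = Counter()
    for r in records:
        direction = "in" if r.get("IN") else "out"   # IN= is empty for locally generated packets
        counts[(direction, r.get("PROTO"), r.get("DPT"))] += 1
    return counts


def broadcast_talkers(records):
    """Which sources are shouting at the whole subnet, and how often."""
    return Counter(r["SRC"] for r in records if is_broadcast(r))


def dhcp_seen(records):
    """Did any UDP packet with a DHCP port pass through the LOG rules?"""
    return any(
        r.get("PROTO") == "UDP" and (r.get("SPT") in DHCP_PORTS or r.get("DPT") in DHCP_PORTS)
        for r in records
    )


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for key, n in sorted(summarize(recs).items()):
        print("%-4s %-4s dport=%-6s %d" % (key[0], key[1], key[2], n))
    print("broadcasting hosts:", dict(broadcast_talkers(recs)))
    print("DHCP traffic visible to iptables:", dhcp_seen(recs))
```

The last check is the point of the thread: `dhcp_seen()` returning False for a host that plainly obtained a lease means the LOG rules are not a complete record of what crossed the interface, so a missing entry in the firewall log is not evidence that no DHCP exchange took place. When counting, `summarize()` keys on the DPT field; the NetBIOS name-service and datagram chatter (137/138 to the subnet broadcast address) is what dominates the constructed sample, as it did in the poster's log.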
