I have the same problem. Even after i apply the rules.
This is with both version 0.5.73 and version 0.5.74.alpha2.
Ive also flushed and restarted Vuurmuur without success. I keep getting these anti-spoof rules.
Though this is a problem, the main problem for me is not getting these spoof messages from my internal (LAN, for me 192.168.0.0/16) network. I only get these messages from dhcp from my modem wich is in the 10.0.0.0/8 network-range.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
An example (this is repeated at max lograte at around 2-3 second intervals):
Dec 20 19:28:49: DROP service dhcp from modem.ModemLAN.lan to 255.255.255.255, prefix: "spoof class-a" (in: eth0 10.15.91.129(00:05:5f:ed:b8:21):67 -> 255.255.255.255(ff:ff:ff:ff:ff:ff):68 UDP len:344 ttl:255)
Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
Two interfaces:
- LAN: 192.168.70.1
- Inet: 10.10.10.10
One Zone:
- LAN_Zone
One Network
- Main: 192.168.70.0/255.255.255.0
Even if I disable all Anti-Spoofing checkboxes I still get the packets dropped as "Spoof class-c"
when dumping with iptables -L it still shows two "spoof class-c" rules:
192.168.0.0/16 -> 10.10.10.10
192.168.0.0/16 -> 192.168.70.1
Where are these coming from?
Bas
Hi Bas,
After you disabled the spoof rules, did you also apply the changes?
Regards,
Victor
I have the same problem. Even after i apply the rules.
This is with both version 0.5.73 and version 0.5.74.alpha2.
Ive also flushed and restarted Vuurmuur without success. I keep getting these anti-spoof rules.
Though this is a problem, the main problem for me is not getting these spoof messages from my internal (LAN, for me 192.168.0.0/16) network. I only get these messages from dhcp from my modem wich is in the 10.0.0.0/8 network-range.
I think disabling 'class-a' antispoofing in the network that contains the modem should solve this...
Cheers,
Victor
Thats exactly what i thought, and did.
In logview (Traffic.log) it also recognizes the source as being my modem.
I have no anti-spoofing options enabled. To no avail.
BTW, not trying to hijack this thread, but when i tried the version 0.5.74.alpha2 i got the following line generated when i enabled Traffic Shaping:
-I SHAPEOUT -o eth1 -p icmp -m icmp -s 192.168.0.8/255.255.255.255 --scmp-type 8/0 -d 192.168.0.0/255.255.255.0 -m state --state RELATED,ESTABLISHED -j CLASSIFY --set-class 3:11
This resulted in an error when loading this ruleset. iptables doesnt recognize the "--scmp-type", which probably should be "icmp-type".
Just thought i'd let you know.
Can you display an example of the entries in the traffic.log?
The shaping thing is a bug, thanks for the report. I've opened a ticket for it: http://www.vuurmuur.org/trac/ticket/38
An example (this is repeated at max lograte at around 2-3 second intervals):
Dec 20 19:28:49: DROP service dhcp from modem.ModemLAN.lan to 255.255.255.255, prefix: "spoof class-a" (in: eth0 10.15.91.129(00:05:5f:ed:b8:21):67 -> 255.255.255.255(ff:ff:ff:ff:ff:ff):68 UDP len:344 ttl:255)
Thanks.
Could you mail me the output of 'vuurmuur -b' ?