[Firehol-support] How to allow traffic from an IP range?

Wojtek Swiatek w at swtk.info
Mon Jul 30 19:45:52 BST 2018


Hello everyone

I have a working installation of firehol (which replaced with success
shorewall) and there is one element missing. The topology is the following

fiber -- internet box (192.168.0.11) -- TV box (192.168.0.15)
                                                       -- PC (interface
int0 = 192.168.0.10)

I get a lot of messages telling me that the box is sending some packets
which are dropped at int0:

IN-internet:IN=int0 OUT= MAC=01:00:5e:7f:ff:fa:18:1e:78:82:e6:f5:08:00
SRC=192.168.0.11 DST=239.255.255.250 LEN=32 TOS=0x00 PREC=0x80 TTL=1 ID=0
DF PROTO=2

They re dropped correctly as there is no reason for them to wander in the
networks behind int0 but the logging is annoying and useless.

Is there a way to state: "packets coming from 192.168.0.0/24 and which are
blocked should not be logged"?



More information about the Firehol-support mailing list