Bug 9145

Summary: udp packets not blocked at ppp0
Product: Networking
Reporter: Toralf Förster (toralf.foerster)
Component: Netfilter/Iptables
Assignee: networking_netfilter-iptables (networking_netfilter-iptables)
Status: REJECTED INVALID    
Severity: normal    
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 2.6.23
Subsystem:
Regression: ---
Bisected commit-id:
Attachments: udp packets
firewall script
udp packets sniffed with wireshark

Description Toralf Förster 2007-10-12 01:57:48 UTC
Most recent kernel where this bug did not occur:
Distribution: Gentoo
Hardware Environment: ThinkPad T41
Software Environment: Gentoo Linux
Problem Description:
Although I defined firewall rules to block all incoming UDP packets at interface ppp0, I can capture UDP packets at interface eth0 if eth0 is set into promiscuous mode.

Steps to reproduce:
$>tcpdump udp -i eth0 -s 0 -U -v -w tcpdump_eth0_pm.pcap

I'll attach the captured data as well as the firewall script itself.
Comment 1 Toralf Förster 2007-10-12 01:58:31 UTC
Created attachment 13123
udp packets
Comment 2 Toralf Förster 2007-10-12 01:59:02 UTC
Created attachment 13124
firewall script
Comment 3 Patrick McHardy 2007-10-12 04:11:43 UTC
The firewall blocks reception at the IP layer, not at the interface layer.

Please close, invalid.
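
Added example, not part of the original bug thread: a capture on the interface taps frames before netfilter's IP-layer hooks run, so packets showing up in tcpdump say nothing about whether a rule dropped them; the rule's own packet counters do. The function below sums those counters from `iptables -nvxL INPUT` output. The listing, its counters and its rules are constructed sample data (not the reporter's firewall script), and `dropped_udp_packets` and `sample_listing` are hypothetical names.

```shell
#!/usr/bin/env bash
# Sum the packet counters of INPUT rules that DROP UDP arriving on one
# interface, reading `iptables -nvxL INPUT` output from stdin.
# Columns with -v: pkts bytes target prot opt in out source destination
dropped_udp_packets() {
    local iface="$1"
    awk -v iface="$iface" '
        # Rule rows start with a numeric packet counter; the chain and
        # column header lines do not, so they are skipped.
        # Newer iptables prints the protocol as a number (17) with -n.
        $1 ~ /^[0-9]+$/ && $3 == "DROP" \
            && ($4 == "udp" || $4 == "17") && $6 == iface { total += $1 }
        END { print total + 0 }
    '
}

# Constructed sample listing (assumption: not taken from the bug report).
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 310 packets, 41200 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    15360 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
      15     1800 DROP       udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:1900
      42     5376 DROP       udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
       9      540 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23
       3      228 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Offline demonstration on the sample data.
echo "UDP packets dropped on ppp0 (sample): $(sample_listing | dropped_udp_packets ppp0)"
```

On a live system, run `iptables -nvxL INPUT | dropped_udp_packets ppp0` as root before and after a capture; a rising count shows the rules are dropping the traffic even though the sniffer still records it.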
Comment 4 Toralf Förster 2007-10-13 08:26:12 UTC
Created attachment 13143
udp packets sniffed with wireshark

OK, I'll close this bug. However, I'm wondering why I always get only SSDP packets with tcpdump, whereas with Wireshark I observed UDP messenger packets and others, as seen in this attachment.