--- /sbin/SuSEfirewall2.orig	Sun Mar 24 07:24:47 2002
+++ /sbin/SuSEfirewall2	Mon Sep  9 18:31:39 2002
@@ -61,6 +61,8 @@
 test "$1" = file && FWCONFIG="$2"
 test "$2" = file && FWCONFIG="$3"
 
+FW_NOLOG_DROP_ROUTING=""
+
 test -z "$1" -o "$1" = file -o "$1" = start -o "$1" = test -o "$1" = debug && {
     #test -e /etc/rc.config && . /etc/rc.config
     test -e /etc/sysconfig/network/config && . /etc/sysconfig/network/config
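Review bot: `FW_NOLOG_DROP_ROUTING` is introduced here without a comment, and its format is only explained several hundred lines later, next to the rule that consumes it. A one-line comment at the assignment would help, e.g. `# space-separated IP protocol numbers dropped unlogged for 224.0.0.0/24; empty = off`. Clearing it at this point also keeps a value inherited from the caller's environment from suppressing log entries, which is worth stating. That assumes the firewall configuration is sourced after this line, which the hunk does not show.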
@@ -263,6 +265,15 @@
     exit 0
 }
 test "$1" = status && {
+    ## VK: make the rule listing more readable
+    sep="" IPTABLES="log $IPTABLES" NL="
+"
+    log() {
+    	echo -n "$sep"
+	echo "***** $@ : *****"
+	"$@"
+	sep="$NL$NL"
+    }
     $IPTABLES -L -nv
     $IPTABLES -t nat -L -nv
     $IPTABLES -t mangle -L -nv
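Review bot: The `log` wrapper embeds `$@` inside a longer string (`echo "***** $@ : *****"`), which expands to several words; `$*` is the intended form here. Combining both echoes into `printf '%s***** %s : *****\n' "$sep" "$*"` would also avoid the non-portable `echo -n`. `IPTABLES` is overwritten with the `log` prefix for the rest of the process, so this is only safe if the status block exits before any rule-modifying code runs. The end of the block lies outside the hunk, so please confirm that. The added lines also mix tabs and spaces for indentation.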
@@ -456,6 +467,9 @@
 # Logging setup
 LOG="--log-level warning --log-tcp-options --log-ip-options --log-prefix SuSE-FW"
 test -z "$FW_LOG" || LOG="$FW_LOG"
+# VK:
+# explicitly initialise LXX (may be used uninitialised otherwise):
+LDC="" LAC="" LDA="" LAA=""
 test "$FW_LOG_DROP_CRIT" = no -o "$FW_LOG_DROP_ALL" = yes && LDC=":"
 test "$FW_LOG_ACCEPT_CRIT" = no -o "$FW_LOG_ACCEPT_ALL" = yes && LAC=":"
 test "$FW_LOG_DROP_ALL" = yes || LDA=":"	# it might look weird - a ":"
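Review bot: The comment on the new initialisation (`explicitly initialise LXX`) does not say why it matters for the firewall's logging. Without it, `LDC`, `LAC`, `LDA` or `LAA` set in the caller's environment would carry through, and the later `test -z "$LDC" -o -z "$LDA" && ... -j LOG` rule is skipped when both are non-empty. I would reword the comment along the lines of `# clear the log switches so values inherited from the environment cannot turn logging off`. The assignment of `LAA` is not visible in this hunk, so I am assuming it follows the same pattern as `LDA`.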
@@ -677,15 +691,25 @@
     done
 }
 
-###############################################################
-# Anti Spoofing/Cirumvention protection - interface dependent #
-###############################################################
+################################################################
+# Anti Spoofing/Circumvention protection - interface dependent #
+################################################################
 for DEV in $FW_DEV_INT; do
     for IP in $DEV_EXT; do
         $IPTABLES -A INPUT -j LOG ${LOG}"-NO_ACCESS_INT->FWEXT "  -i $DEV -d $IP
 	$IPTABLES -A INPUT -i $DEV -d $IP -j "$DROP"
     done
 done
+## Suppress logging of some router/cable modem broadcasts of given protocols
+# This doesn't really seem to fit into fw_custom_before_antispoofing?
+# E.g. FW_NOLOG_DROP_ROUTING="2 89" to drop igmp and ospf router broadcasts
+# without logging them.
+# 3 Apr; 9 Sep 2002  -VK <VolkerKuhlmann@gmx.de>
+test -n "$FW_NOLOG_DROP_ROUTING" && {
+    for PROTO in $FW_NOLOG_DROP_ROUTING; do
+	$IPTABLES -A INPUT -j "$DROP" -d 224.0.0.0/24 -p $PROTO
+    done
+}
 # anything which is now not in the input_* chains is evil
 test -z "$LDC" -o -z "$LDA" && $IPTABLES -A INPUT -j LOG ${LOG}"-UNAUTHORIZED-TARGET " 
 $IPTABLES -A INPUT -j "$DROP"
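Review bot: The new `-j "$DROP"` rule for `224.0.0.0/24` carries no `-i` match, so the listed protocols are dropped without a log entry on every interface. The comment motivates it with router/cable-modem traffic, which presumably arrives on the external side only. Packets that reach this point are dropped by the final rule anyway, so the addition only removes log visibility, and that blind spot should be kept as narrow as possible. I would loop over the external interfaces and use `$IPTABLES -A INPUT -i "$DEV" -d 224.0.0.0/24 -p "$PROTO" -j "$DROP"`, which also quotes `$PROTO`. The comment should say "multicasts" rather than "broadcasts" and note that entries are unlogged by design, so a reader of the logs knows what is missing.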
