David Cannings wrote:

>>On Tuesday 27 April 2004 13:35, sschlesi@xxxxxxxxx wrote:
>>
>>>>I'm trying to stop broadcasts getting forwarded, but I'm not sure how
>>>>to do this. I read that *.255 - which are afaik broadcast addresses -
>>
>>My first question is why are broadcasts getting forwarded anyway? Neither
>>ethernet nor IP broadcasts should leave your subnet. How and where
>>exactly are broadcasts being forwarded?
>>

My policies are set to -P FORWARD ACCEPT because it's just a simple ethernet router, w/o nat and stuff. So I thought iptables'll also forward broadcasts from one net to the other.

>>
>>IP addresses ending in .255 are not always broadcast addresses. Any
>>subnet larger than class C (/24) can span more than one "block" of 256 IP
>>addresses.
>>
>>>>doesn't guarantee that it's a broadcast. Then I read that it's possible by
>>>>matching the mac address, because broadcast will have ff:ff:ff:ff:ff:ff.
>>>>But I'm not sure if that's all nonsense.
>>
>>There is the difference here between an IP broadcast and an ethernet
>>broadcast. IP broadcasts are sent to the ethernet broadcast address [1],
>>so you may be able to do a MAC match.
>>
>>According to the manual page I have here, the module "mac" only offers a
>>--mac-source option but there are more options in PoM I believe, you may
>>want to check the mailing list archives.
>>
>>David
>>
>>1- A ping to the broadcast address on a LAN:
>>13:44:59.765871 0:10:XX:XX:XX:XX Broadcast ip 98: 192.168.0.100 >
>>192.168.0.255: icmp: echo request (DF)
>>
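
An added example, not part of the original thread: a Python sketch of why matching on a `.255` suffix is unreliable, classifying destinations against the subnets attached to a router. The subnet list (beyond the 192.168.0.0/24 LAN from the footnote) and the function names are constructed for illustration, and the /26 case goes slightly beyond the thread by showing a broadcast address that does not end in .255.

```python
import ipaddress

# Constructed example: subnets directly attached to the router's interfaces.
ATTACHED = [
    ipaddress.ip_network("192.168.0.0/24"),   # the LAN from the footnote
    ipaddress.ip_network("10.1.0.0/23"),      # spans 10.1.0.0 - 10.1.1.255
    ipaddress.ip_network("172.16.5.64/26"),   # broadcast is 172.16.5.127
]

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify(dst, networks=ATTACHED):
    """Classify a destination relative to the attached subnets."""
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST:
        return "limited-broadcast"
    for net in networks:
        if addr in net:
            if net.prefixlen >= 31:
                return "host"  # /31 and /32 have no broadcast address
            if addr == net.broadcast_address:
                return "directed-broadcast"
            if addr == net.network_address:
                return "network"
            return "host"
    return "off-link"  # not on an attached subnet, so its role is unknown here


def heuristic_errors(dsts, networks=ATTACHED):
    """Destinations where 'ends in .255' disagrees with the subnet-aware answer."""
    wrong = []
    for dst in dsts:
        guess = dst.endswith(".255")
        actual = classify(dst, networks) in ("limited-broadcast",
                                             "directed-broadcast")
        if guess != actual:
            wrong.append(dst)
    return wrong


# Constructed sample destinations.
SAMPLE = ["192.168.0.255", "10.1.0.255", "10.1.1.255",
          "172.16.5.127", "255.255.255.255"]

if __name__ == "__main__":
    for d in SAMPLE:
        print(f"{d:16} {classify(d)}")
    print("suffix heuristic wrong for:", heuristic_errors(SAMPLE))
```
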