Hi all,
I've got 3 IPs on one interface (ip addr add, not aliasing), and wanted to only allow unicast packets to any of them (and/or their subnet in one case, to allow broadcasts for the local net).
Aim: no broadcasts, no multicast, spoofing prevention?
You can't have multiple -d in rules. My quick solution was 3 tables (this is a sample):
    # create the three chains first: a -j target must exist before a rule references it
    iptables -N ta
    iptables -N tb
    iptables -N tc

    # each chain tests one address; a non-match falls to the next chain, the last one drops
    # (current iptables negation syntax is "! -d", the older "-d !" form is deprecated)
    iptables -A tc ! -d $ip3 -j DROP
    iptables -A tb ! -d $ip2 -j tc
    iptables -A ta ! -d $ip1 -j tb

    # a packet addressed to one of the three addresses returns from the chain it matched in
    iptables -A INPUT -j ta
It works, much junk stays out. All services work.
From the list's point of view, is this insane (a), stupid (b) or clever (c)? And why?
Cheers, /lc
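The chain ladder from the post, generalised to any number of addresses, as an added example (not the poster's script): it creates every chain before any rule references it, uses the current `! -d` negation syntax, and defaults to printing the rules so it can be run without root. The chain names t1..tn and the RFC 5737 documentation addresses are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Set IPTABLES=iptables to load
# the rules for real; the default only prints them (no root needed).
IPTABLES="${IPTABLES:-echo iptables}"

# build_dst_ladder PREFIX ADDR...
# Creates PREFIX1 .. PREFIXn. Chain k jumps to chain k+1 when the destination
# is not ADDRk, and the last chain drops instead. A packet that matches one
# address hits no rule in that chain and returns to INPUT, so only traffic
# addressed to a listed address (or subnet) survives.
build_dst_ladder() {
    prefix=$1; shift
    n=$#

    # 1. create all chains first: iptables refuses "-j t2" if t2 does not exist yet
    i=1
    while [ "$i" -le "$n" ]; do
        $IPTABLES -N "${prefix}${i}"
        i=$((i + 1))
    done

    # 2. one negated destination test per chain
    i=1
    for addr in "$@"; do
        if [ "$i" -eq "$n" ]; then
            target=DROP
        else
            target="${prefix}$((i + 1))"
        fi
        $IPTABLES -A "${prefix}${i}" ! -d "$addr" -j "$target"
        i=$((i + 1))
    done

    # 3. hook the ladder into INPUT
    $IPTABLES -A INPUT -j "${prefix}1"
}

# Constructed sample: two host addresses plus one whole subnet (RFC 5737 ranges).
build_dst_ladder t 192.0.2.10 192.0.2.11 198.51.100.0/24
```

Multicast and broadcast destinations match none of the listed addresses, so they fall through every chain to the final DROP.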