On Tuesday 15 February 2005 19:15, Jason Opperisano wrote:
> On Sun, Feb 13, 2005 at 09:28:41AM +0300, Mikhail Zotov wrote:
> > I have a Linux machine (with a static routable IP address)
> > connected to a windoops LAN. As is known, there is certain
> > "noise" in windoops networks, which can be silently dropped
> > by a rule like this:
> >
> > iptables -A INPUT -p udp --dport 135:139 -j DROP
> >
> > I have found that this "noise" can also be effectively blocked
> > by the following rule:
> >
> > iptables -A INPUT -d ! $IP.ADDRESS.OF.MY_BOX -j DROP
[snip]
> you can also use the pkttype match to drop broadcast/multicast traffic,
> without having to calculate the broadcast address for every interface,
> and having another rule for the all-ones broadcast:
>
> -m pkttype --pkt-type broadcast -j DROP
> -m pkttype --pkt-type multicast -j DROP
>
> -j

Great. Thanks a lot for the idea.

These rules raise another question: Are broadcast/multicast
messages used in Linux/UNIX or in networks other than windoops
ones? If so, won't these rules break anything? I haven't seen
such rules in any iptables guides/scripts available on the Internet.

Regards,
Mikhail
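
One way to see what the pkttype rules above would discard before relying on them is to log matching packets first and tally them by frame type, protocol and destination port. The following is an added example, not part of the original thread; it assumes a LOG rule with the hypothetical prefix "BM-AUDIT: " was placed ahead of the DROP rules, and the log lines are constructed samples in the kernel's LOG-target format.

```python
import re
from collections import Counter

# Constructed sample lines. The "BM-AUDIT: " prefix is an assumption (a LOG
# rule with that --log-prefix ahead of the pkttype DROP rules). In the MAC=
# field the first six octets are the destination MAC address.
SAMPLE_LOG = """\
Feb 15 19:20:01 box kernel: BM-AUDIT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:00:00:11:08:00 SRC=192.0.2.17 DST=192.0.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=4021 PROTO=UDP SPT=137 DPT=137 LEN=58
Feb 15 19:20:03 box kernel: BM-AUDIT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:00:00:12:08:00 SRC=192.0.2.23 DST=192.0.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=911 PROTO=UDP SPT=137 DPT=137 LEN=58
Feb 15 19:20:04 box kernel: BM-AUDIT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:00:00:11:08:00 SRC=192.0.2.17 DST=192.0.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=4022 PROTO=UDP SPT=138 DPT=138 LEN=209
Feb 15 19:20:07 box kernel: BM-AUDIT: IN=eth0 OUT= MAC=01:00:5e:00:00:fb:02:00:00:00:00:13:08:00 SRC=192.0.2.40 DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=0 PROTO=UDP SPT=5353 DPT=5353 LEN=53
Feb 15 19:20:08 box kernel: BM-AUDIT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:00:00:14:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x10 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308
Feb 15 19:20:09 box kernel: eth0: link up
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def pkt_type(dst_mac):
    """Classify an Ethernet destination: all-ones is broadcast,
    group bit (lowest bit of the first octet) set is multicast."""
    if dst_mac.lower() == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    if int(dst_mac[:2], 16) & 1:
        return "multicast"
    return "unicast"

def summarize(log_text, prefix="BM-AUDIT: "):
    """Count logged packets per (frame type, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        if prefix not in line:
            continue  # not produced by the audit rule
        fields = dict(FIELD.findall(line.split(prefix, 1)[1]))
        mac = fields.get("MAC", "")
        if len(mac) < 17:
            continue  # no link-layer header was logged
        key = (pkt_type(mac[:17]), fields.get("PROTO", "?"), fields.get("DPT", "-"))
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for (kind, proto, dport), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{kind:9} {proto}/{dport:5} x{n}")
```

In the constructed sample the NetBIOS broadcasts (UDP 137/138) appear alongside a DHCP broadcast (UDP 67) and an mDNS multicast (UDP 5353), which is the kind of non-Windows traffic such a tally makes visible.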