On Wed, 2005-02-16 at 02:34, Mikhail Zotov wrote:
> > -m pkttype --pkt-type broadcast -j DROP
> > -m pkttype --pkt-type multicast -j DROP
> >
> > -j
>
> Great. Thanks a lot for the idea. These rules call another question:
> Are broadcast/multicast messages used in Linux/UNIX or other than
> windoops networks? If so, will not these rules break anything?
> I haven't seen such rules in any iptables guides/scripts available in
> the Internet.

i usually put rules like this at the end of chains; before the log rule,
as part of a "no_log" chain, to keep the noise out of the logs. so if you
needed to allow certain broadcast or multicast traffic, you would do it
before these rules.

on a dedicated firewall machine, the only thing i can think of would be if
the machine is a DHCP server or client (or both)--though the broadcast part
of that conversation *should* be at the BPF level and not require firewall
rules.

-j

-- 
"Lisa, Vampires are make-believe, like elves, gremlins, and eskimos."
--The Simpsons
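The ordering described in the reply, written out as an added example (not part of either poster's message): the two pkttype DROP rules sit in a separate chain just ahead of the LOG rule, and the only broadcast traffic the box is expected to need (the DHCP client/server exchange) is accepted before control reaches that chain. The chain name no_log, the interface eth0, the DHCP ports and the log prefix are assumptions chosen for the example; the script emits an iptables-restore ruleset rather than calling iptables directly, and check_order verifies that every ACCEPT precedes the first pkttype DROP.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset in which broadcast/multicast
# noise is dropped quietly before the LOG rule, and any wanted broadcast traffic
# (here: DHCP, a constructed assumption) is accepted before the quiet drops.
# Chain name "no_log", interface "eth0" and the log prefix are assumptions.

gen_ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:no_log - [0:0]
# Anything you actually want must be accepted BEFORE the quiet drops.
# DHCP client -> server (broadcast from port 68 to 67) and the server's reply.
-A INPUT -i eth0 -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i eth0 -p udp --sport 67 --dport 68 -j ACCEPT
# Everything still unmatched goes through the no_log chain last.
-A INPUT -j no_log
# Quietly discard broadcast/multicast so it never reaches the LOG rule.
-A no_log -m pkttype --pkt-type broadcast -j DROP
-A no_log -m pkttype --pkt-type multicast -j DROP
# What survives is worth a (rate-limited) log line; INPUT policy DROP finishes it.
-A no_log -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "
-A no_log -j RETURN
COMMIT
EOF
}

# Sanity check on the generated ruleset: the last ACCEPT must appear before
# the first pkttype rule, otherwise the quiet drops would eat wanted traffic.
check_order() {
  first_drop=$(gen_ruleset | grep -n -- '--pkt-type' | head -n 1 | cut -d: -f1)
  last_accept=$(gen_ruleset | grep -n -- '-j ACCEPT' | tail -n 1 | cut -d: -f1)
  [ -n "$first_drop" ] && [ -n "$last_accept" ] && [ "$last_accept" -lt "$first_drop" ]
}

# Usage (as root): gen_ruleset | iptables-restore
# Here we only print it and confirm the ordering.
gen_ruleset
check_order && echo "ordering ok: ACCEPT rules precede the quiet pkttype drops"
```

Loading it with iptables-restore replaces the filter table, so review the generated text first; the point of the layout is that any future "allow this broadcast" rule is added above the `-A INPUT -j no_log` line, never inside no_log.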