On Wednesday 16 February 2005 16:28, Jason Opperisano wrote:
> On Wed, 2005-02-16 at 02:34, Mikhail Zotov wrote:
> > > -m pkttype --pkt-type broadcast -j DROP
> > > -m pkttype --pkt-type multicast -j DROP
> > >
> > > -j
> >
> > Great. Thanks a lot for the idea. These rules call another question:
> > Are broadcast/multicast messages used in Linux/UNIX or other than
> > windoops networks? If so, will not these rules break anything?
> > I haven't seen such rules in any iptables guides/scripts available in
> > the Internet.
>
> i usually put rules like this at the end of chains; before the log rule,
> as part of a "no_log" chain, to keep the noise out of the logs. so if
> you needed to allow certain broadcast or multicast traffic, you would do
> it before these rules. on a dedicated firewall machine, the only thing
> i can think of would be if the machine is a DHCP server or client (or
> both)--though the broadcast part of that conversation *should* be at the
> BPF level and not require firewall rules.

I see. I have these `noise-filtering' rules at the beginning of the script
(http://slackfire.narod.ru) because I am afraid to break something I am not
aware of yet. :-) Another reason for having them at the beginning is that
there are at least a thousand MS broadcasts every day in our LAN. Still, I
see your point now and will study how these rules will work being moved to
the end of the script.

Thanks a lot for the explanation!

Regards,
Mikhail
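The ordering Jason describes, as an added example that is not the script from slackfire.narod.ru nor anything posted in this thread: explicit allows first, then the pkttype drops in a "no_log" chain, and only after that the LOG rule. The interface name and the DHCP allow rule are assumptions for illustration; `IPT` defaults to `echo iptables` so the ruleset can be inspected offline without touching a live firewall.

```shell
#!/bin/sh
# Added example: keep broadcast/multicast noise out of the logs by
# dropping it in a dedicated "no_log" chain placed just before the LOG rule.
# IPT defaults to a dry run; set IPT=iptables to apply for real.
IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-eth0}"   # assumed LAN interface name

build_rules() {
    # 1. Anything broadcast/multicast that must be allowed goes first,
    #    e.g. DHCP client/server traffic (assumed; Jason notes the DHCP
    #    broadcast side is normally handled below the firewall anyway).
    $IPT -A INPUT -i "$LAN_IF" -p udp --sport 67:68 --dport 67:68 -j ACCEPT

    # 2. The no_log chain silently drops remaining broadcast/multicast
    #    so it never reaches the LOG rule below.
    $IPT -N no_log
    $IPT -A no_log -m pkttype --pkt-type broadcast -j DROP
    $IPT -A no_log -m pkttype --pkt-type multicast -j DROP
    $IPT -A INPUT -j no_log

    # 3. Log (rate-limited) and drop whatever is left.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "
    $IPT -A INPUT -j DROP
}

# Returns 0 when the pkttype drops are ordered before the LOG rule,
# i.e. the ruleset actually keeps the noise out of the logs.
noise_dropped_before_log() {
    rules=$(IPT="echo iptables" build_rules)
    drop_at=$(printf '%s\n' "$rules" | grep -n 'pkt-type broadcast' | cut -d: -f1)
    log_at=$(printf '%s\n' "$rules" | grep -n -- '-j LOG' | cut -d: -f1)
    [ -n "$drop_at" ] && [ -n "$log_at" ] && [ "$drop_at" -lt "$log_at" ]
}

build_rules
```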