Re: Filtering MAC addresses and Multicast

Gáspár Lajos wrote:
Martijn Lievaart wrote:
Gerard París Aixalà wrote:

Martijn Lievaart wrote:

Gerard París Aixalà wrote:

Hello all,

/sbin/iptables -t mangle -A PREROUTING -m mac --mac-source 00:06:5B:12:C9:7A -j DROP
/sbin/iptables -t mangle -A PREROUTING -m mac --mac-source 00:06:5B:13:4A:69 -j DROP

These rules drop Unicast traffic but they do not drop Multicast traffic.


Multicast traffic is sent to specific multicast MAC addresses.
Learn how multicast works and drop the corresponding MAC addresses. (No, I don't have a link handy; TCP/IP Illustrated would be a good, but pricey, source.)

HTH,
M4


I know how multicast works, but I want to drop packets with the specified MAC source addresses. In multicast, the source address is always a real one, to identify which computer the packet came from (the destination address, both MAC and IP, is a special one).


<blush> Oops, my bad. Should read better. Sorry, can't help you there. If you don't get a reply on this list in a few days, maybe ask netfilter-devel, because this looks like a bug.

M4




Try this:

iptables -t mangle -A PREROUTING -j DROP -m mac --mac-source XX:XX:XX:XX:XX:XX -m pkttype --pkt-type multicast


I tried this.
And this:
iptables -t mangle -I PREROUTING -d 225.0.0.4 -j DROP # 225.0.0.4 is the multicast address
iptables -t mangle -I PREROUTING -j DROP
But the multicast traffic still arrives at the destination computer.


