Gáspár Lajos wrote:
Gerard París Aixalà wrote:
I tried this.
And this:
iptables -t mangle -I PREROUTING -d 225.0.0.4 -j DROP # 225.0.0.4 is the multicast address
iptables -t mangle -I PREROUTING -j DROP
But the multicast traffic still arrives at the destination computer.
How do you know that the traffic arrives??? :) If you see it with
some sniffer programs (tethereal) then that is fake because those
programs see the packets BEFORE they reach the filtering system.
You cannot tell a packet not to enter your network card... :D
BTW: What do the counters of the packets matching your rules say???
(iptables -L -v -n -t mangle)
I was using a multicast traffic generator (source and receiver). The
receiver showed the packets as they arrived.
After sending 48 multicast packets the counters say the following:
Chain PREROUTING (policy ACCEPT 3 packets, 724 bytes)
 pkts bytes target     prot opt in     out     source               destination
   48 56256 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MAC 00:06:5B:13:4A:69
It seems all the packets were dropped, but the receiver application sees
them (maybe it acts like a sniffer).
I changed the application and tried VLC. With those rules, multicast
traffic was blocked.
Thanks,
Gerard
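
The counter check suggested in this thread, as an added example that is not part of the original messages: a shell function that sums the packet counters of the DROP rules in one chain of `iptables -L -v -n` output, so the total can be compared with the number of packets the generator sent. The names `drop_count` and `sample_output` are hypothetical, and the sample listing is constructed from the counters quoted above plus a made-up INPUT chain.

```shell
#!/bin/sh
# Added example: read `iptables -L -v -n` output on stdin and print the
# total packet count of all DROP rules in the named chain.
# Live use (needs root):  iptables -t mangle -L -v -n | drop_count PREROUTING

drop_count() {
    # $1 = chain name, e.g. PREROUTING
    awk -v chain="$1" '
        # Without -x, iptables abbreviates large counters with K/M/G
        # (powers of 1000, rounded), so expanded values are approximate.
        function expand(v,    n, s) {
            s = substr(v, length(v))
            n = v + 0
            if (s == "K") return n * 1000
            if (s == "M") return n * 1000000
            if (s == "G") return n * 1000000000
            return n
        }
        # A "Chain NAME (...)" line starts a new section of the listing.
        $1 == "Chain" { in_chain = ($2 == chain); next }
        # Rule rows: column 1 is pkts, column 3 is the target.
        in_chain && $3 == "DROP" { total += expand($1) }
        END { print total + 0 }
    '
}

# Constructed sample: the PREROUTING listing from the thread, plus an
# invented INPUT chain that shows an abbreviated counter.
sample_output() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 3 packets, 724 bytes)
 pkts bytes target     prot opt in     out     source               destination
   48 56256 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MAC 00:06:5B:13:4A:69

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  12K  840K DROP       all  --  *      *       0.0.0.0/0            225.0.0.4
EOF
}

# 48 packets were sent and 48 were counted by the DROP rule.
sample_output | drop_count PREROUTING
```

Adding `-x` to the `iptables` command prints exact counters, which avoids the rounding that the K/M/G handling has to accept.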