Re: iptables igmp evil protocol!
On Sun, Aug 19, 2001 at 10:46:00PM +0000, john smith wrote:
> I would like to know how to drop or deny igmp multicast protocols. because
> of this annoying console message "SRC=209.247.5.159 DST=224.0.0.1 LEN=28
> TOS=0x00 PREC=0x00 TTL=1 ID=16163 PROTO=2".
> Adding *any* of the lines below in my firewall script doesn't do what it's
> supposed to do.
>
> $IPT -A OUTPUT -s 209.247.5.159 -j DROP
> $IPT -A INPUT -s 209.247.5.159 -j DROP
> $IPT -A INPUT -p igmp -d 244.0.0.1 -j DROP

$IPT -A INPUT -s 224.0.0.0/4 -j DROP
$IPT -A INPUT -d 224.0.0.0/4 -j DROP

and you'll never receive an igmp/multicast packet again.

Another solution: disable multicasting in the kernel by recompiling
without multicast support, so the kernel will not accept any igmp packet or any
packet to the multicast net (224.0.0.0/4).

Hope this will solve your problem.

Samuele
--
Samuele Tonon <samu@linuxasylum.net>
Undergraduate Student of Computer Science at University of Bologna, Italy
System administrator at Computer Science Lab's, University of Bologna, Italy
Founder & Member of A.A.H.T.
UIN 3155609
Acid -- better living through chemistry.
Timothy Leary
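
The following is an added example, not part of the original message: a small shell check of the logged packet from the question against the address and protocol criteria of the rules quoted above. The function names are made up for this illustration, and it models only the -s, -d and -p matching of a single rule, not rule order within a chain.

```shell
#!/bin/sh
# Constructed sample: the log line quoted in the message above.
LOG_LINE='SRC=209.247.5.159 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=16163 PROTO=2'

# log_field KEY LINE: print the value of one KEY=value token of a LOG line.
log_field() (
    for tok in $2; do
        if [ "${tok%%=*}" = "$1" ]; then printf '%s\n' "${tok#*=}"; return 0; fi
    done
    return 1
)

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_net ADDR SPEC: succeed if ADDR is inside SPEC (plain address or CIDR).
in_net() (
    net=${2%/*}; bits=32
    [ "$2" = "$net" ] || bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    a=$(ip_to_int "$1"); n=$(ip_to_int "$net")
    [ $(( ($a & $mask) == ($n & $mask) )) -eq 1 ]
)

# rule_matches LINE SRC DST PROTO: "-" leaves a criterion unset, like an
# iptables rule without -s, -d or -p. PROTO is the number shown in the log.
rule_matches() (
    src=$(log_field SRC "$1") && dst=$(log_field DST "$1") &&
        proto=$(log_field PROTO "$1") || return 1
    [ "$2" = "-" ] || in_net "$src" "$2" || return 1
    [ "$3" = "-" ] || in_net "$dst" "$3" || return 1
    [ "$4" = "-" ] || [ "$proto" = "$4" ]
)

# check LABEL SRC DST PROTO: print whether the rule matches the sample packet.
check() {
    if rule_matches "$LOG_LINE" "$2" "$3" "$4"; then echo "match:    $1"
    else echo "no match: $1"; fi
}

check '-p igmp -d 244.0.0.1 (question, as written)' - 244.0.0.1 2
check '-s 224.0.0.0/4 (reply)' 224.0.0.0/4 - -
check '-d 224.0.0.0/4 (reply)' - 224.0.0.0/4 -
```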