Re: Iptables generic broadcast filter
On 13 Nov 2002, Alex Ongena wrote:
> I want to drop all broadcasts on INPUT in a generic way
> without knowing in advance on which subnet/netmask my
> appliance is.
> # iptables -A INPUT -d *.*.*.255 -j DROP
> # iptables -A INPUT -d *.*.255.255 -j DROP
> # iptables -A INPUT -d *.255.255.255 -j DROP
> where * is a wildcard matching any IP.
Yes. Netmasks don't need to be contiguous or MSB-aligned:
# iptables -A INPUT -d 0.0.0.255/0.0.0.255 -j DROP
will drop anything with an all-ones LSO.
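
An added example, not part of the original message: a Python model of how an address/mask match of this kind is evaluated, run over constructed destination addresses and compared with each subnet's actual broadcast address. The function names, the sample addresses and the subnets assigned to them are assumptions made for the illustration.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def rule_matches(dst, spec):
    """Model of an iptables '-d ADDR/MASK' test: (dst & MASK) == (ADDR & MASK).
    MASK is a dotted quad and may be non-contiguous."""
    addr, mask = spec.split("/")
    m = _to_int(mask)
    return (_to_int(dst) & m) == (_to_int(addr) & m)

def is_subnet_broadcast(dst, network):
    """True when dst is the all-ones host address of the given subnet."""
    net = ipaddress.ip_network(network)
    return ipaddress.IPv4Address(dst) == net.broadcast_address

RULE = "0.0.0.255/0.0.0.255"  # the match from the message above

# Constructed samples: (destination, subnet the receiving interface is on)
SAMPLES = [
    ("192.168.1.255", "192.168.1.0/24"),
    ("172.16.255.255", "172.16.0.0/16"),
    ("10.255.255.255", "10.0.0.0/8"),
    ("192.168.1.10", "192.168.1.0/24"),
    ("10.0.1.255", "10.0.0.0/16"),        # ordinary host address on a /16
    ("192.168.1.127", "192.168.1.0/25"),  # broadcast address of a /25
]

def classify(samples=SAMPLES, rule=RULE):
    """Return (dst, subnet, dropped_by_rule, is_broadcast) for each sample."""
    return [(d, n, rule_matches(d, rule), is_subnet_broadcast(d, n))
            for d, n in samples]

if __name__ == "__main__":
    for dst, net, dropped, bcast in classify():
        print(f"{dst:<16} on {net:<18} dropped={dropped!s:<5} broadcast={bcast}")
```

The last two samples are the cases where a test on the last octet alone and the subnet's real broadcast address differ: prefixes longer than /24, and host addresses ending in .255 on shorter prefixes.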