Re: Iptables generic broadcast filter

To: Matthew Kirkwood <matthew@hairy.beasts.org>
Cc: Debian Firewall <debian-firewall@lists.debian.org>
Subject: Re: Iptables generic broadcast filter
From: Alex Ongena <Alex.Ongena@able.be>
Date: 14 Nov 2002 12:29:17 +0100
Message-id: <1037273357.1871.28.camel@aolin>
In-reply-to: <Pine.LNX.4.33.0211131510050.25976-100000@sphinx.mythic-beasts.com>
References: <Pine.LNX.4.33.0211131510050.25976-100000@sphinx.mythic-beasts.com>

You are all right, I must have thought on this before
sending this question..
Thanks
alex
On Wed, 2002-11-13 at 16:12, Matthew Kirkwood wrote:
> On 13 Nov 2002, Alex Ongena wrote:
> 
> > I want to drop all broadcasts on INPUT in a generic way
> > without knowing in advance on which subnet/netmask my
> > appliance is.
> 
> > # iptables -A INPUT -d *.*.*.255 -j DROP
> > # iptables -A INPUT -d *.*.255.255 -j DROP
> > # iptables -A INPUT -d *.255.255.255 -j DROP
> >
> > where * is a wildcard matching any ip.
> 
> Yes.  Netmasks don't need to be contiguous or MSB-aligned:
> 
> # iptables -A INPUT -d 0.0.0.255/0.0.0.255 -j DROP
> 
> will drop anything with an all-ones LSO.
> 
> Matthew.
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

References:
- Re: Iptables generic broadcast filter
  - From: Matthew Kirkwood <matthew@hairy.beasts.org>

Prev by Date: Firewall bases on iptables for a laptop or PC at work/home
Next by Date: Re: Firewall bases on iptables for a laptop or PC at work/home
Previous by thread: Re: Iptables generic broadcast filter
Next by thread: Re: Iptables generic broadcast filter
Index(es):
- Date
- Thread