
Re: Iptables generic broadcast filter



On 13 Nov 2002, Alex Ongena wrote:

> I want to drop all broadcasts on INPUT in a generic way
> without knowing in advance on which subnet/netmask my
> appliance is.

> # iptables -A INPUT -d *.*.*.255 -j DROP
> # iptables -A INPUT -d *.*.255.255 -j DROP
> # iptables -A INPUT -d *.255.255.255 -j DROP
>
> where * is a wildcard matching any ip.

Yes.  Netmasks don't need to be contiguous or MSB-aligned:

# iptables -A INPUT -d 0.0.0.255/0.0.0.255 -j DROP

will drop anything with an all-ones LSO.

Matthew.
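
Added example (not part of the original message): a shell model of how an address/mask pair such as 0.0.0.255/0.0.0.255 is evaluated, checked against the real directed broadcast of a few constructed subnets. The function names and sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: models how iptables evaluates "-d ADDRESS/MASK".
# A packet matches when (dst & MASK) == (ADDRESS & MASK); the mask is
# just a 32-bit pattern, so it need not be a contiguous prefix.

# ip2int A.B.C.D -> 32-bit integer
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# mask_match DST ADDRESS MASK -> prints "match" or "no-match"
mask_match() (
    d=$(ip2int "$1"); a=$(ip2int "$2"); m=$(ip2int "$3")
    if [ $(( d & m )) -eq $(( a & m )) ]; then echo match; else echo no-match; fi
)

# directed_broadcast NETWORK PREFIXLEN -> broadcast address as integer
directed_broadcast() (
    n=$(ip2int "$1")
    hostbits=$(( (1 << (32 - $2)) - 1 ))
    echo $(( n | hostbits ))
)

# is_true_broadcast DST NETWORK PREFIXLEN -> "yes" or "no"
is_true_broadcast() (
    if [ "$(ip2int "$1")" -eq "$(directed_broadcast "$2" "$3")" ]; then echo yes; else echo no; fi
)

# Constructed sample destinations: address, network, prefix length.
while read -r dst net len; do
    printf '%-16s in %s/%s: rule=%s broadcast=%s\n' "$dst" "$net" "$len" \
        "$(mask_match "$dst" 0.0.0.255 0.0.0.255)" \
        "$(is_true_broadcast "$dst" "$net" "$len")"
done <<EOF
192.168.1.255 192.168.1.0 24
192.168.1.127 192.168.1.0 25
10.0.0.255 10.0.0.0 16
10.0.255.255 10.0.0.0 16
255.255.255.255 0.0.0.0 0
EOF
```

The sample rows show where the rule and the real broadcast address diverge: on a prefix longer than /24 the broadcast does not end in .255, and on a prefix shorter than /24 an address ending in .255 can be an ordinary host.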


