
List:       netfilter
Subject:    Re: how to stop broadcasts using iptables
From:       Alexander Samad <alex () samad ! com ! au>
Date:       2004-04-28 0:11:37
Message-ID: 20040428001137.GB10829 () samad ! com ! au


On Tue, Apr 27, 2004 at 01:50:11PM +0100, David Cannings wrote:
> On Tuesday 27 April 2004 13:35, sschlesi@chello.at wrote:
> > I'm trying to stop broadcasts getting forwarded, but I'm not sure how
> > to do this. I read that *.255 - which are afaik broadcast addresses -
> 
> My first question is why are broadcasts getting forwarded anyway?  Neither 
> ethernet nor IP broadcasts should leave your subnet.  How and where 
> exactly are broadcasts being forwarded?

Maybe he is bridging?

> 
> IP addresses ending in .255 are not always broadcast addresses.  Any 
> subnet larger than class C (/24) can span more than one "block" of 256 IP 
> addresses.
> 
> > doesn't guarantee that it's a broadcast. Then I read that it's possible by
> > matching the MAC address, because broadcast will have ff:ff:ff:ff:ff:ff
> > . But I'm not sure if that's all nonsense.
> 
> There is the difference here between an IP broadcast and an ethernet 
> broadcast.  IP broadcasts are sent to the ethernet broadcast address [1], 
> so you may be able to do a MAC match.
> 
> According to the manual page I have here, the module "mac" only offers a 
> --mac-source option but there are more options in PoM I believe, you may 
> want to check the mailing list archives.
> 
> David
> 
> 1- A ping to the broadcast address on a LAN:
> 13:44:59.765871 0:10:XX:XX:XX:XX Broadcast ip 98: 192.168.0.100 > 
> 192.168.0.255: icmp: echo request (DF)
> 
> 

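Added example, not part of the original message or thread: a Python sketch of the point made above that an address ending in .255 is not always a broadcast address. It compares that naive test with the broadcast address computed from the subnet prefix. The function names and the subnets (192.168.0.0/23, 10.0.0.0/25) are constructed for illustration; only 192.168.0.100 and 192.168.0.255 come from the quoted capture.

```python
import ipaddress

def classify(dst, local_nets):
    """Classify an IPv4 destination against the subnets this host is attached to.

    A directed broadcast for a subnet that is not in local_nets cannot be
    recognised and is reported as unicast.
    """
    ip = ipaddress.IPv4Address(dst)
    if ip == ipaddress.IPv4Address("255.255.255.255"):
        return "limited-broadcast"
    if ip.is_multicast:
        return "multicast"
    for net in local_nets:
        net = ipaddress.IPv4Network(net)
        # /31 and /32 networks have no broadcast address.
        if net.prefixlen < 31 and ip == net.broadcast_address:
            return "directed-broadcast"
    return "unicast"

def naive_is_broadcast(dst):
    """The heuristic questioned in the thread: last octet is 255."""
    return dst.endswith(".255")

def compare(dsts, local_nets):
    """Return (dst, class, verdict) tuples showing where the heuristic is wrong."""
    rows = []
    for dst in dsts:
        cls = classify(dst, local_nets)
        real = cls in ("limited-broadcast", "directed-broadcast")
        naive = naive_is_broadcast(dst)
        if naive == real:
            verdict = "agree"
        elif naive:
            verdict = "false-positive"   # .255 but actually a host address
        else:
            verdict = "missed"           # broadcast that does not end in .255
        rows.append((dst, cls, verdict))
    return rows

if __name__ == "__main__":
    # Constructed sample: one /23 and one /25 attached to the firewall.
    nets = ["192.168.0.0/23", "10.0.0.0/25"]
    sample = ["192.168.0.100", "192.168.0.255", "192.168.1.255",
              "10.0.0.127", "255.255.255.255"]
    for row in compare(sample, nets):
        print("%-16s %-19s %s" % row)
```
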