[Shorewall-users] Blocking local broadcasts
Tue, 30 Apr 2002 08:41:57 -0700 (PDT)
On Tue, 30 Apr 2002, Simon Turvey wrote:
> > Shorewall adds the subnet broadcast address (if any) of each interface.
> Any chance of an override option in interfaces (like we can specify noping,
> routestopped, etc) that would say 'permit broadcast on this interface'?
Packets only traverse the 'common' chain when the policy is other than
ACCEPT. So if you simply put "-" in the BROADCAST column for an interface
then broadcasts will be accepted if the applicable policy is ACCEPT.
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ firstname.lastname@example.org