[Shorewall-users] Blocking local broadcasts

Tom Eastep teastep@shorewall.net
Tue, 30 Apr 2002 08:41:57 -0700 (PDT)

On Tue, 30 Apr 2002, Simon Turvey wrote:

> > Shorewall adds the subnet broadcast address (if any) of each interface.
> Any chance of an override option in interfaces (like we can specify noping,
> routestopped, etc) that would say 'permit broadcast on this interface'?

Packets only traverse the 'common' chain when the policy is other than 
ACCEPT. So if you simply put "-" in the BROADCAST column for an interface 
then broadcasts will be accepted if the applicable policy is ACCEPT.

Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net