[Shorewall-users] Blocking local broadcasts

Tom Eastep teastep@shorewall.net
Tue, 30 Apr 2002 08:46:36 -0700 (PDT)


On Tue, 30 Apr 2002, Tom Eastep wrote:

> On Tue, 30 Apr 2002, Simon Turvey wrote:
> 
> > > Shorewall adds the subnet broadcast address (if any) of each interface.
> > 
> > Any chance of an override option in interfaces (like we can specify noping,
> > routestopped, etc) that would say 'permit broadcast on this interface'?
> > 
> 
> Packets only traverse the 'common' chain when the policy is other than 
> ACCEPT. So if you simply put "-" in the BROADCAST column for an interface 
> then broadcasts will be accepted if the applicable policy is ACCEPT.
> 

Actually, it doesn't matter what you put in the BROADCAST column but 
omitting that column results in one less useless rule in the common chain.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net