[Shorewall-users] Blocking local broadcasts
Tue, 30 Apr 2002 08:46:36 -0700 (PDT)
On Tue, 30 Apr 2002, Tom Eastep wrote:
> On Tue, 30 Apr 2002, Simon Turvey wrote:
> > > Shorewall adds the subnet broadcast address (if any) of each interface.
> > Any chance of an override option in interfaces (like we can specify noping,
> > routestopped, etc) that would say 'permit broadcast on this interface'?
> Packets only traverse the 'common' chain when the policy is other than
> ACCEPT. So if you simply put "-" in the BROADCAST column for an interface
> then broadcasts will be accepted if the applicable policy is ACCEPT.
Actually, it doesn't matter what you put in the BROADCAST column but
omitting that column results in one less useless rule in the common chain.
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ firstname.lastname@example.org
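
An added example, not part of the original post and not Shorewall's own code: a small lint that reads constructed interfaces and policy files and reports, per interface, whether a BROADCAST entry produces a rule in the common chain that traffic ever reaches. The column layout, the `fw` zone name, the zone-to-firewall policy lookup and first-match with `all` as a wildcard are assumptions.

```python
# Constructed sample files. Column layout (ZONE INTERFACE BROADCAST OPTIONS and
# SOURCE DEST POLICY) and the 'fw' / 'all' names are assumptions, not from the post.
INTERFACES = """\
#ZONE  INTERFACE  BROADCAST        OPTIONS
net    eth0       detect           noping
loc    eth1       192.168.1.255
dmz    eth2       -                routestopped
"""
POLICY = """\
loc   fw    ACCEPT
net   all   DROP
all   all   REJECT
"""

def rows(text):
    """Yield whitespace-split columns, skipping comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def policy_for(policies, src, dst):
    """First matching policy wins; 'all' is treated as a wildcard (assumption)."""
    for p_src, p_dst, action in policies:
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action
    return None

def audit(interfaces_text, policy_text, fw_zone="fw"):
    """Per interface: does a broadcast rule in 'common' ever see traffic?"""
    policies = [tuple(r[:3]) for r in rows(policy_text)]
    report = {}
    for cols in rows(interfaces_text):
        zone, iface = cols[0], cols[1]
        bcast = cols[2] if len(cols) > 2 else "-"   # omitted column == "-"
        action = policy_for(policies, zone, fw_zone)
        # Per the post: 'common' is only traversed when the policy is not ACCEPT.
        traverses_common = action != "ACCEPT"
        if bcast == "-":
            note = "no broadcast rule generated"
        elif traverses_common:
            note = "broadcast rule in common applies"
        else:
            note = "broadcast rule in common is never reached"
        report[iface] = (action, traverses_common, note)
    return report

if __name__ == "__main__":
    for iface, (action, _, note) in audit(INTERFACES, POLICY).items():
        print(f"{iface}: policy {action}: {note}")
```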