Malard

Forum Replies Created

  • in reply to: Surviving a reboot… #45354
    Malard
    Member

    > I need to avoid broadcast tempest through zeroshell=bridge

    My tests:

    IPTABLES can't filter Multicast!

    But fulvio added ebtables in zeroshell. That's the solution!!!!

    In [Setup][Startup] of the web interface, I add:

    ebtables -A FORWARD -d Multicast --limit 100/second -j ACCEPT
    ebtables -A FORWARD -d Multicast -j DROP

    Test 1)
    I create a broadcast tempest on SEGMENT 1.
    The problem isn't transmitted on SEGMENT 2.

    Test 2) VLC sends a video on SEGMENT 2

    On SEGMENT 1, video is very bad quality. OK for me.

    root@zeroshell root> ebtables -L --Lc
    Bridge table: filter

    Bridge chain: INPUT, entries: 0, policy: ACCEPT

    Bridge chain: FORWARD, entries: 2, policy: ACCEPT
    -d Multicast limit: avg 100/sec burst 5 -j ACCEPT , pcnt = 1778 -- bcnt = 2374091
    -d Multicast -j DROP , pcnt = 2017 -- bcnt = 2735052

    Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

    François
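    An added example, not part of the post above: a POSIX shell function that parses the `ebtables -L --Lc` listing the post shows and reports how many multicast frames the limit rule accepted versus how many the DROP rule discarded, so the effect of the two rules can be checked after a firewall change instead of reading the counters by hand. The sample listing is constructed from the counters quoted in the post.

```shell
#!/bin/sh
# Added example (not from the forum post): summarise the per-rule counters
# that `ebtables -L --Lc` prints for the two Multicast rules in FORWARD.

# Sample listing, constructed from the counters quoted in the post.
SAMPLE='Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 2, policy: ACCEPT
-d Multicast limit: avg 100/sec burst 5 -j ACCEPT , pcnt = 1778 -- bcnt = 2374091
-d Multicast -j DROP , pcnt = 2017 -- bcnt = 2735052

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT'

# multicast_drop_report <listing>
# Prints "accepted dropped dropped_percent" for the Multicast rules in the
# FORWARD chain. Returns 1 when no such rules are present, which is what the
# listing looks like once a firewall change has flushed the add-on rules.
multicast_drop_report() {
    printf '%s\n' "$1" | awk '
        # Track which chain the following rule lines belong to.
        /^Bridge chain:/ { chain = $3; sub(",", "", chain) }
        chain == "FORWARD" && /-d Multicast/ {
            # The packet counter follows "pcnt =" on the rule line.
            for (i = 1; i <= NF; i++) if ($i == "pcnt") n = $(i + 2)
            if ($0 ~ /-j ACCEPT/) acc += n
            if ($0 ~ /-j DROP/)   drop += n
            seen = 1
        }
        END {
            if (!seen) exit 1
            total = acc + drop
            pct = (total > 0) ? int(100 * drop / total) : 0
            printf "%d %d %d\n", acc, drop, pct
        }'
}

# Usage on a live box would be:  multicast_drop_report "$(ebtables -L --Lc)"
multicast_drop_report "$SAMPLE"   # prints "1778 2017 53"
```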

    in reply to: Surviving a reboot… #45353
    Malard
    Member

    I didn’t explain very well.

    The rule was added in [Setup][Startup] of the web interface.

    My problem: if a modification is done in rules, iptables flushes my addon.

    Maybe you could add in your script something like
    insert file etc/??/iptables.local

    Or: how to add my addon in your configuration?

    Note: do you think my rule is the best way to achieve broadcast control?

    Thanks a lot
    François

    in reply to: Surviving a reboot… #45351
    Malard
    Member

    I need to avoid broadcast tempest through zeroshell=bridge.

    I add in Startup Configuration:

    /cdrom/usr/local/sbin/iptables -A FORWARD -m pkttype --pkt-type multicast -m limit --limit 10/second -j ACCEPT

    This rule is successfully added at the end of the FORWARD chain.

    root@zeroshell misc> iptables -L |grep limit

    ACCEPT all -- anywhere anywhere PKTTYPE = multicast limit: avg 10/sec burst 5

    But if I change something in firewall configuration, this rule disappears.
    => reboot is necessary

    Is there another solution?

    Thanks
    Francois
