Forum Replies Created
>I need to avoid broadcast tempest through zeroshell=bridge
My tests :
IPTABLES can’t filter Multicast !
But fulvio added ebtables in zeroshell. That’s the solution !!!!
In [Setup][Startup] of the web interface, I add :
ebtables -A FORWARD -d Multicast --limit 100/second -j ACCEPT
ebtables -A FORWARD -d Multicast -j DROP
I create a broadcast tempest on SEGMENT 1
The problem isn’t transmitted on SEGMENT 2
Test 2) VLC sends a video on SEGMENT 2
On SEGMENT 1 , video is very bad quality. OK for me
root@zeroshell root> ebtables -L --Lc
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 2, policy: ACCEPT
-d Multicast limit: avg 100/sec burst 5 -j ACCEPT , pcnt = 1778 -- bcnt = 2374091
-d Multicast -j DROP , pcnt = 2017 -- bcnt = 2735052
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
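Added example, not part of the original post: a small shell/awk check that reads the `ebtables -L --Lc` counters shown above and reports how many multicast/broadcast frames the limit rule let through versus dropped. The helper names `sample_output`, `storm_stats` and `storm_alert`, and any alert percentage passed to `storm_alert`, are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample: the `ebtables -L --Lc` listing from the post above.
sample_output() {
cat <<'EOF'
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 2, policy: ACCEPT
-d Multicast limit: avg 100/sec burst 5 -j ACCEPT , pcnt = 1778 -- bcnt = 2374091
-d Multicast -j DROP , pcnt = 2017 -- bcnt = 2735052
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
EOF
}

# storm_stats (hypothetical helper): reads the listing on stdin and prints
# "accepted dropped drop_percent" for the "-d Multicast" rules in FORWARD.
# Counters are cumulative since the rules were loaded or zeroed.
storm_stats() {
    awk '
        /^Bridge chain:/ { in_fwd = ($3 == "FORWARD,"); next }
        in_fwd && /-d Multicast/ && /pcnt = / {
            n = $0
            sub(/.*pcnt = /, "", n)   # drop everything before the packet count
            sub(/ .*/, "", n)         # drop the byte counter that follows
            if ($0 ~ /-j DROP/)   drop += n
            if ($0 ~ /-j ACCEPT/) acc  += n
        }
        END {
            total = acc + drop
            pct = (total > 0) ? int(drop * 100 / total) : 0
            printf "%d %d %d\n", acc, drop, pct
        }'
}

# storm_alert PERCENT (hypothetical helper): exit status 0 when the share of
# dropped multicast/broadcast frames has reached PERCENT.
storm_alert() {
    set -- "$1" $(storm_stats)
    [ "$4" -ge "$1" ]
}

# On the bridge itself: ebtables -L --Lc | storm_stats
sample_output | storm_stats
```

Run periodically, a rising drop share on the FORWARD chain indicates that a storm on one segment is being throttled at the bridge.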
I didn’t explain very well.
The rule was added in [Setup][Startup] of the web interface.
My problem : If a modification is done in rules, iptables flushes my addon.
Maybe you could add in your script something like
insert file etc/??/iptables.local
Either : how to add my addon in your configuration ?
Note : do you think my rule is the best way to achieve broadcast control ?
Thanks a lot
I need to avoid broadcast tempest through zeroshell=bridge.
I add in Startup Configuration:
/cdrom/usr/local/sbin/iptables -A FORWARD -m pkttype --pkt-type multicast -m limit --limit 10/second -j ACCEPT
This rule is successfully added at the end of FORWARD chain.
root@zeroshell misc> iptables -L |grep limit
ACCEPT all -- anywhere anywhere PKTTYPE = multicast limit: avg 10/sec burst 5
But if I change something in firewall configuration, this rule disappears.
=> reboot is necessary
Is there another solution ?