I usually use:

iptables -A FORWARD -s 0.0.0.255/0.0.0.255 -j DROP
iptables -A FORWARD -d 0.0.0.255/0.0.0.255 -j DROP
iptables -A FORWARD -s 0.0.0.0/0.0.0.255 -j DROP
iptables -A FORWARD -d 0.0.0.0/0.0.0.255 -j DROP

to stop routing of broadcasted packets. This works assuming you only have 
256 sized classes.

At 15:18 28-05-2002 +0200, Thomas Heinz wrote:
>Hi
>
>Netfilter supports arbitrary netmasks for IP addresses which is more
>powerful than just those IP/x (0 <= x <= 32) expressions.
>For example one could use IP/255.0.255.255 (IP/23.13.42.0 would also work ;-).
>
>Are masks that cannot be expressed in the IP/x scheme (at least not in one
>rule) used in practice? Are they used at all in firewall rulesets?
>
>
>Thomas
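
What the two address/mask pairs in the reply above actually match, as an added example that is not part of either message. The function names and the sample subnets (192.0.2.0/24, its /25 halves and 10.0.0.0/23) are constructed for illustration, and the sketch models only the address comparison, not iptables itself.

```python
import ipaddress

def mask_match(addr, value, mask):
    """Masked comparison: (addr & mask) == (value & mask).
    The mask is applied bitwise, so it does not have to be a contiguous prefix."""
    a = int(ipaddress.IPv4Address(addr))
    v = int(ipaddress.IPv4Address(value))
    m = int(ipaddress.IPv4Address(mask))
    return (a & m) == (v & m)

# The two address/mask pairs used by the four rules in the reply
# (each pair appears once with -s and once with -d).
RULES = [("0.0.0.255", "0.0.0.255"), ("0.0.0.0", "0.0.0.255")]

def dropped(addr):
    """True if either pair matches, i.e. the last octet is 255 or 0."""
    return any(mask_match(addr, v, m) for v, m in RULES)

def audit(cidr):
    """Compare the rules with the real network/broadcast addresses of a subnet.
    Returns (missed, collateral):
      missed     - network or broadcast addresses the rules do NOT match
      collateral - ordinary host addresses the rules DO match
    """
    net = ipaddress.ip_network(cidr)
    special = {net.network_address, net.broadcast_address}
    missed = [str(a) for a in sorted(special) if not dropped(str(a))]
    collateral = [str(a) for a in net
                  if a not in special and dropped(str(a))]
    return missed, collateral

if __name__ == "__main__":
    # Constructed sample subnets: one /24, two /25 halves, one /23.
    for cidr in ("192.0.2.0/24", "192.0.2.0/25", "192.0.2.128/25", "10.0.0.0/23"):
        missed, collateral = audit(cidr)
        print(f"{cidr:16} missed={missed} collateral={collateral}")
```

On a /24 both lists are empty; on smaller or larger subnets the rules either miss the real broadcast or network address or drop addresses that are valid hosts, which is the "256 sized" assumption stated in the reply.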




