On Thu, Jun 21, 2001 at 05:14:52PM +0200, Sebastiaan wrote: > Hi, > On Thu, 21 Jun 2001, Carel Fellinger wrote: > > > On Thu, Jun 21, 2001 at 08:13:03AM +0200, Sebastiaan wrote: > > ... > > > That is true. However, it seems like a good idea to filter that way. Will > > > this do the job? > > > iptables -P INPUT DROP > > > iptables -A INPUT -i eth0 -d ! 212.127.242.126 -j DROP > > > > This will drop all legitimate multicast/broadcast too. > > > Does that hurt? I mean, will my/the internet performace go down? What is > the use of broadcast messages over the internet?
I'm no expert, so be warned, this could be double dutch. I think it's mainly used for things like streaming video and video conferencing, and ofcourse the initial step of DHCP/BOOTP ed. The latter won't bite you as it is used from your machine to your IPS, the anwser back has a normal destination adress (as far as I know). -- groetjes, carel
