On 5/16/07, Gustin Johnson <[EMAIL PROTECTED]> wrote:

Is there a reason you are not using iptables to drop these packets?


Yes.
First, it is not invisible to the application (try it yourself with ping). If I
use QUEUE, though, it's really transparent. Ask the netfilter guys why.
But I need these packets to be received locally, and that's why iptables
can't help. I mean, I gave an example using ping, but I am actually going to
handle multicast packets that have to be received by other local processes.
I just don't want these to go out of the machine. The applications are not in my
control to change the TTL or whatever. The solutions I propose seem to work
fine, but I'm not sure there aren't any side effects that could appear
depending on how the application has been written. The only thing I've found
that returns errors is ping, but how could I know whether any application I'm
running will work fine?

The other tool I could try is mrouted but I think there should be an easier
way.

This drops packets originating on the Linux box
iptables -A OUTPUT -d 10.10.10.1 -j DROP

The following drops packets that originate elsewhere (such as a NAT'd LAN)
iptables -A FORWARD -d 10.10.10.1 -j DROP
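The difference the thread is circling around is what the sending application gets to see. On Linux, a `-j DROP` in the OUTPUT chain fails the application's own send call with EPERM (which is the "Operation not permitted" ping prints), whereas a verdict given later from userspace via QUEUE/NFQUEUE happens after the send call has already returned success, so the packet simply vanishes. The probe below is an added example, not code from this thread or from the LARTC list: it opens its own UDP receiver on loopback, sends one datagram to it, and classifies what the sender observed. It assumes a Linux host with a working loopback interface; the `"eperm"` and `"lost"` branches only trigger when an OUTPUT rule is actually in place, so with no rules loaded it reports `"delivered"`.

```python
import socket

# Constructed payload; any bytes will do, it is only compared on receipt.
PROBE_PAYLOAD = b"lartc-local-drop-probe"


def probe_local_send(dst_host="127.0.0.1", payload=PROBE_PAYLOAD, timeout=0.5):
    """Send one UDP datagram to a receiver we open ourselves and report what
    the sending application observes.

    Returns:
      "delivered" - sendto() succeeded and the datagram reached the receiver
      "eperm"     - sendto() raised PermissionError (EPERM); this is what a
                    netfilter OUTPUT -j DROP produces for locally generated
                    packets, so the application cannot miss it
      "lost"      - sendto() succeeded but nothing arrived within the timeout;
                    this is what a drop decided after the send call (e.g. a
                    userspace verdict via QUEUE/NFQUEUE) looks like to the app
    """
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind((dst_host, 0))          # port 0: let the kernel pick a free port
        rx.settimeout(timeout)
        port = rx.getsockname()[1]
        try:
            tx.sendto(payload, (dst_host, port))
        except PermissionError:
            # EPERM surfaces here synchronously; ping reports the same thing.
            return "eperm"
        try:
            data, _ = rx.recvfrom(1500)
        except socket.timeout:
            return "lost"
        return "delivered" if data == payload else "lost"
    finally:
        tx.close()
        rx.close()


if __name__ == "__main__":
    # Run once with no rules, then again with an OUTPUT drop for 127.0.0.1
    # in place, to see the outcome change from "delivered" to "eperm".
    print(probe_local_send())
```

The same three outcomes apply to a multicast sender: an application that does not check the return value of its send call will not notice EPERM, but one that does (ping, or anything that logs socket errors) will, which is the side effect the reply is worried about. Running the probe before and after adding a rule on a test host is a cheap way to confirm which of the two behaviours a given filtering approach gives you.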


_______________________________________________
LARTC mailing list
[email protected]
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
