RE: CAN-2004-1137

From: hilton de meillon (
Date: 01/05/05

  • Next message: TJ Easter: "firewall 1.4"
    To: "'Foundation Linux'" <>
    Date: Thu, 6 Jan 2005 00:04:17 +1000

    Thanks a lot Charles and to all who replied. I will try these solutions and
    see how I fare.

    I really need to touch up my TCP/IP or IGMP/IP skills.

    One question -your iptables statement had two entries - one for inbound igmp
    one for outbound igmp, the first rule makes sense but the second one throws
    me a bit
    as it is in the INPUT chain and not the OUTPUT chain - is this just a lack
    in my understanding of iptables ?.


    -----Original Message-----
    From: Foundation Linux []
    Sent: Wednesday, 5 January 2005 6:02 AM
    To: hilton de meillon
    Subject: Re: CAN-2004-1137

    I'm not sure if my other message got thru, so here goes again.

    IGMP is an IP datagram like ICMP. It uses the multicast range, Class D, IP

    You can drop those packets in iptables without issue.

    Charles Hill

    hilton de meillon wrote:

    > I have been doing a bit of research - there are numerous instances of
    >iptables scripts containing rules to block IGMP using iptables - am I
    >correct in saying that IGMP is on the network layer IP protocol 2 hence
    >all the iptables rulesets claiming to block igmp are misinformed ?.
    >Is there a igmptables or any other way of selectively blocking IGMP
    >using linux ?.

  • Next message: TJ Easter: "firewall 1.4"