RE: CAN-2004-1137

From: hilton de meillon (hiltond_at_hotpop.com)
Date: 01/05/05

    To: "'Foundation Linux'" <webmaster@foundationlinux.com>
    Date: Thu, 6 Jan 2005 00:04:17 +1000
    
    

    Thanks a lot Charles and to all who replied. I will try these solutions and
    see how I fare.

    I really need to touch up my TCP/IP or IGMP/IP skills.

    One question - your iptables statement had two entries - one for inbound
    igmp and one for outbound igmp, the first rule makes sense but the second
    one throws me a bit as it is in the INPUT chain and not the OUTPUT chain -
    is this just a lack in my understanding of iptables?

    Hilton.

    -----Original Message-----
    From: Foundation Linux [mailto:webmaster@foundationlinux.com]
    Sent: Wednesday, 5 January 2005 6:02 AM
    To: hilton de meillon
    Cc: focus-linux@securityfocus.com
    Subject: Re: CAN-2004-1137

    I'm not sure if my other message got thru, so here goes again.

    IGMP is an IP datagram like ICMP. It uses the multicast range, Class D, IP
    addresses: 224.0.0.0/4

    You can drop those packets in iptables without issue.

    Charles Hill

    hilton de meillon wrote:

    > I have been doing a bit of research - there are numerous instances of
    > iptables scripts containing rules to block IGMP using iptables - am I
    > correct in saying that IGMP is on the network layer IP protocol 2 hence
    > all the iptables rulesets claiming to block igmp are misinformed?
    >
    > Is there an igmptables or any other way of selectively blocking IGMP
    > using linux?
    >
    > Hilton.
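
An added example, not part of the original thread: a small Python model of the two kinds of iptables match discussed above (IP protocol 2 versus the 224.0.0.0/4 destination range), showing which one a given IPv4 header would hit. The rule names, the helper functions and the sample addresses are constructed for illustration; the two iptables commands in `RULES` are the matches being modelled.

```python
import ipaddress
import struct

IGMP_PROTO = 2  # IP protocol number of IGMP (ICMP is 1, TCP 6, UDP 17)
MULTICAST = ipaddress.ip_network("224.0.0.0/4")  # Class D range from the thread

# Hypothetical rule names mapped to the iptables match each one models.
RULES = {
    "proto_igmp": "iptables -A INPUT -p igmp -j DROP",
    "dst_multicast": "iptables -A INPUT -d 224.0.0.0/4 -j DROP",
}

def ipv4_header(proto, src, dst):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 1, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def matching_rules(header):
    """Return the names of the modelled rules that match this IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    proto = header[9]                            # protocol field, byte 9
    dst = ipaddress.ip_address(header[16:20])    # destination, bytes 16-19
    hits = []
    if proto == IGMP_PROTO:
        hits.append("proto_igmp")
    if dst in MULTICAST:
        hits.append("dst_multicast")
    return hits

# Constructed sample packets: (protocol, source, destination).
SAMPLES = {
    "IGMP to all-hosts group": (2, "192.0.2.1", "224.0.0.1"),
    "IGMP sent unicast to the host": (2, "192.0.2.1", "192.0.2.10"),
    "UDP to a multicast group": (17, "192.0.2.1", "224.0.0.251"),
    "TCP unicast": (6, "192.0.2.1", "192.0.2.10"),
}

def classify_samples():
    """Map each sample name to the list of rules that would match it."""
    return {name: matching_rules(ipv4_header(*pkt))
            for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in classify_samples().items():
        print(f"{name:32} -> {', '.join(hits) or 'no match'}")
```

The two matches are not interchangeable: the protocol match catches IGMP whatever its destination, while the destination match also drops non-IGMP multicast traffic and misses IGMP addressed to a unicast address.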

