
I tried to filter layer 2 multicast packets (no IP header) generated by the GOOSE protocol.


The commands below were used (ebtables and iptables) but did not work. Can anyone please give some advice?

I used ebtables because I read that iptables can't open packets that don't have an IP header (layer 3 minimum). The packets were sent from machine A to machine B (client/server software).

a.

ebtables -A INPUT -j DROP
ebtables -A OUTPUT -j DROP

b.

iptables -A INPUT -m pkttype --pkt-type multicast -j DROP
iptables -A OUTPUT -m pkttype --pkt-type multicast -j DROP

I tried all the commands above, but I can't stop my multicast packets (DROP was just used for test purposes).

Thank you in advance...

yassine

1 Answer


For those who run into the same problem in the future, I managed to resolve the problem. First, you should know that iptables can't filter protocols that don't use an IP header, so in my case, my protocol is layer 2 (like ARP); the best tool for that is ebtables.

The DROP test that I already did didn't work because I used ebtables on a normal interface, and this is a problem for ebtables, it doesn't accept it; you should configure a bridge interface before using ebtables.

These are the commands I typed to create the bridge:

brctl addbr br0                              # create the bridge
brctl stp br0 off                            # no spanning tree needed
brctl addif br0 eno16777736                  # enslave the physical NIC
ifconfig br0 10.0.0.131 netmask 255.255.255.0   # move the IP to the bridge
ifconfig eno16777736 0 0.0.0.0               # remove the IP from the NIC
ip route add default via 10.0.0.1

ebtables -t broute -A BROUTING -j DROP       # test rule: drop all bridged frames

Hope this will help someone in the future.

yassine
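To make the point of the answer concrete (why iptables never sees a GOOSE frame and why the filter has to sit at layer 2), here is an added example, not code from the question or answer above: a small Ethernet header parser that reports the destination MAC's group bit, the EtherType (including behind an 802.1Q tag, which GOOSE frames often carry) and whether any IP header follows. The frames it checks are constructed here, not captured traffic; the GOOSE EtherType 0x88B8 and the 01-0C-CD-01-xx-xx destination range are the IEC 61850 assignments.

```python
import struct

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD
ETHERTYPE_GOOSE = 0x88B8  # IEC 61850 GOOSE, carried directly over Ethernet


def classify_frame(frame: bytes) -> dict:
    """Parse the Ethernet header (plus an optional 802.1Q tag) of a raw frame.

    Returns the destination MAC, whether it is a group (multicast/broadcast)
    address, the VLAN id if tagged, the payload EtherType and whether an
    IP header follows (the only case a layer 3 filter such as iptables sees).
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst = frame[0:6]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan_id = None
    # 802.1Q tag: TPID 0x8100, then TCI (PCP/DEI/VID), then the real EtherType
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF
    return {
        "dst_mac": ":".join(f"{b:02x}" for b in dst),
        # I/G bit: least significant bit of the first octet marks group addresses
        "is_multicast": bool(dst[0] & 0x01),
        "vlan_id": vlan_id,
        "ethertype": ethertype,
        "has_ip_header": ethertype in (ETHERTYPE_IPV4, ETHERTYPE_IPV6),
        "is_goose": ethertype == ETHERTYPE_GOOSE,
    }


def build_frame(dst: str, src: str, ethertype: int, payload: bytes, vlan_id=None) -> bytes:
    """Build a constructed test frame (not captured traffic)."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan_id is not None:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan_id & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


# Constructed samples: a VLAN-tagged GOOSE frame and an IPv4 multicast frame
GOOSE_FRAME = build_frame("01:0c:cd:01:00:01", "00:11:22:33:44:55",
                          ETHERTYPE_GOOSE, b"\x61\x00", vlan_id=5)
IPV4_MCAST_FRAME = build_frame("01:00:5e:00:00:01", "00:11:22:33:44:55",
                               ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
```

Both frames are multicast at layer 2, but only the second carries an IP header, which is why the iptables `pkttype` rule in the question could never match the GOOSE traffic while an ebtables rule on a bridge can.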