At 01:03 PM 12/9/01 -0600, Michael D. Schleif wrote:
>
>I want to silently deny all traffic with destination 255.255.255.255,
>regardless of source.
>
>This is in response to:
>
>  input DENY eth0 PROTO=17 12.242.20.34:67 255.255.255.255:68
>
>Is there any protocol or destination port for which these should *not*
>be denied?
...

It depends on how your router gets its external address. The example you gave is a dhcp server replying to an (as yet) unconfigured dhcp client. If you need to get your external address via dhcp, you need to allow the very example you provided (assuming eth0 is external).

Conversely, if your router acts as a dhcp server, it needs to accept the corresponding sorts of requests from dhcp clients on the relevant interface(s).

I believe the Windows sharing services -- the ones that run on port 137-139 -- make some use of broadcast addresses as well. I don't run them here so cannot recall details.

Unless you want to respond to broadcast pings (and why would you?), I can't think of any other common services that use broadcast IP packets.

--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA                                  [EMAIL PROTECTED]
----------------------------------------------------------------

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
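
Added example, not part of the original thread: before installing a blanket silent DENY for 255.255.255.255, the logged packets can be sorted into the cases the reply names (DHCP in either direction, the Windows sharing ports, broadcast pings) so the needed exceptions are known first. It assumes log lines carry the field layout quoted in the question; every sample line except the first is constructed, and reading the ICMP type from the logged source "port" slot is an assumption.

```python
import re
from collections import Counter

# Field layout taken from the log line quoted in the question:
#   <chain> <verdict> <iface> PROTO=<n> <src>:<sport> <dst>:<dport>
LOG_RE = re.compile(
    r"(?P<chain>\S+) (?P<verdict>ACCEPT|DENY|REJECT) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
LIMITED_BROADCAST = "255.255.255.255"

def classify(line):
    """Label a packet sent to 255.255.255.255; return None if the line
    does not parse or has a different destination."""
    m = LOG_RE.search(line)
    if not m or m["dst"] != LIMITED_BROADCAST:
        return None
    proto, sport, dport = int(m["proto"]), int(m["sport"]), int(m["dport"])
    if proto == 17 and (sport, dport) == (67, 68):
        return "dhcp-server-reply"    # allow if this interface is a DHCP client
    if proto == 17 and (sport, dport) == (68, 67):
        return "dhcp-client-request"  # allow if this box is the DHCP server
    if proto in (6, 17) and 137 <= dport <= 139:
        return "windows-sharing"      # ports 137-139, as named in the reply
    if proto == 1 and sport == 8:     # assumption: ICMP type logged as source "port"
        return "broadcast-ping"
    return "other"                    # no known need: candidate for silent DENY

def summarize(lines):
    """Count broadcast packets per (interface, label)."""
    counts = Counter()
    for line in lines:
        label = classify(line)
        if label is not None:
            counts[(LOG_RE.search(line)["iface"], label)] += 1
    return counts

SAMPLE = [
    "input DENY eth0 PROTO=17 12.242.20.34:67 255.255.255.255:68",    # from the post
    "input DENY eth1 PROTO=17 0.0.0.0:68 255.255.255.255:67",         # constructed
    "input DENY eth1 PROTO=17 192.168.1.20:138 255.255.255.255:138",  # constructed
    "input DENY eth0 PROTO=1 192.0.2.7:8 255.255.255.255:0",          # constructed
    "input DENY eth0 PROTO=17 192.0.2.9:4000 255.255.255.255:5000",   # constructed
    "input DENY eth0 PROTO=6 192.0.2.9:1025 10.0.0.1:23",             # constructed, not broadcast
]

if __name__ == "__main__":
    for (iface, label), n in sorted(summarize(SAMPLE).items()):
        print(f"{iface:5} {label:20} {n}")
```

Only the labels that match a role the router actually plays on that interface need an ACCEPT rule ahead of the silent DENY.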