Iptables – multicast and iptables : troubleshooting

iptablesmulticast

I have secured a linux box, starting with

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

and after adding rules to enable specific protocols and streams.

Which are the correct rules to add multicast support ?

I am trying with these – for both client and server multicast :

iptables -A INPUT  -m pkttype --pkt-type multicast -j ACCEPT
iptables -A OUTPUT -m pkttype --pkt-type multicast -j ACCEPT
iptables -A INPUT  --protocol igmp -j ACCEPT
iptables -A OUTPUT --protocol igmp -j ACCEPT
iptables -A INPUT  --dst "224.0.0.0/4" -j ACCEPT
iptables -A OUTPUT --dst "224.0.0.0/4" -j ACCEPT

Linux 2.6.38-12 / iptables 1.4.10

Is there any internet service to test my multicast set ( pc + adsl router + provider ) ?

Best Answer

multicast over the global internet does not exist, it is unicast only.

If you wish to test multicast addresses, configure it within your own network.

Related Solutions

Ubuntu – Why does a valid set of iptables rules slow the server to a crawl

You're missing a rule to accept traffic based on existing traffic (the rule that makes iptables stateful). This should be your very first rule:

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Iptables – How to configure iptables in DD-WRT to block Skype on br1 only

Your Skype rules are blocking traffic originating from the given IP address ranges. So the traffic is coming in on your WAN interface, not your guest bridge br1. That's why -i br1 doesn't work.

To fix this, instead block traffic to those destinations which comes in from the guest bridge. For example:

iptables -I FORWARD -i br1 -d 111.221.74.0/24 -j DROP

Related Topic