What rule(s) are needed to allow ucarp traffic on IPTables?

Kyle Brandt

1 Answer

I'm assuming you're talking about the advertisement packets between ucarp hosts. I haven't used ucarp, but a quick examination of the source makes me think that it's listening via libpcap such that it will be effectively immune to filtering by iptables.

The carp_send_ad() function in carp.c seems to be where the advertisement packets are sourced from. I'm seeing the code putting together a multicast or broadcast Ethernet frame (depending on the no_mcast boolean) with the CARP advertisement inside it. The source IP appears to be the source IP specified on the command-line and the destination IP appears to be the multicast address 224.0.0.18. As such, you could filter for these source and destination addresses on the INPUT chain, but I think you're going to find that there's no need to worry about it since the packets are being slurped off the wire with libpcap anyway.

(It would be nice if the rain here would let up a bit so that I wasn't sitting inside playing Server Fault...)

Evan Anderson
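
The INPUT-chain filter the answer describes (peer source address, destination 224.0.0.18), as an added example that is not part of the original answer or of ucarp. It prints the rules for review instead of applying them; the interface `eth0` and the 192.0.2.x peers are constructed placeholders, and matching on IP protocol 112 (the number CARP uses) is an assumption the page does not state.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables INPUT rules that accept
# CARP advertisements only from named peers. Covers the multicast
# destination from the answer; the no_mcast/broadcast case is not handled.

CARP_GROUP="224.0.0.18"   # multicast destination named in the answer
CARP_PROTO="112"          # assumption: CARP's IP protocol number

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1               # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# carp_input_rules IFACE PEER...: emit one ACCEPT rule per peer.
# All arguments are validated before anything is printed, so a bad
# value can never end up inside a rule that is later pasted into a shell.
carp_input_rules() {
    iface=$1
    [ "$#" -ge 2 ] || { echo "usage: carp_input_rules IFACE PEER..." >&2; return 1; }
    shift
    case "$iface" in
        *[!A-Za-z0-9_.:-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
    done
    for peer in "$@"; do
        echo "iptables -A INPUT -i $iface -p $CARP_PROTO -s $peer -d $CARP_GROUP -j ACCEPT"
    done
}

# Constructed sample: two peers on a documentation-range network.
carp_input_rules eth0 192.0.2.11 192.0.2.12
```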