How to make iptables ALLOW rule for multicast?

Question

I have two servers that uses ucarp as failover. On each server eth1:1 is reserved for ucarp's keepalive connection.

ucarp uses the destination IP as multicast address 224.0.0.18.

On ucarp master server is eth1:1's IP 192.168.245.2 and on the secondary serve is eth1:1's IP 192.168.245.3.

Question

I would like to make an iptables rule on each server, so these NIC's are not used by anyone by mistake. I.e. drop everything expect for ucarp.

How would such a rule look like for the master server?

I assume something like this?

iptables -P INPUT -i eth1:1 -j DROP
iptables -A INPUT -i eth1:1  ? something with multicast ?  -j ACCEPT

quanta · Accepted Answer · 2011-10-28T11:26:45.037

7

iptables -A INPUT -i eth1:1 -m pkttype --pkt-type multicast -j ACCEPT

Make sure that the xt_pkttype module is loaded into the running kernel:

--- Networking support        
      Networking options  --->
          [*] Network packet filtering framework (Netfilter)  --->
              Core Netfilter Configuration  --->
                  <*>   "pkttype" packet type match support

edited Oct 28 '11 at 11:26

answered Oct 28 '11 at 10:59

quanta

50,327
19
152
213

How to make iptables ALLOW rule for multicast?

1 Answers1

Linked