1

I have secured a Linux box, starting with

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

and after adding rules to enable specific protocols and streams.

  • Which are the correct rules to add multicast support?

I am trying with these, for both client and server multicast:

iptables -A INPUT  -m pkttype --pkt-type multicast -j ACCEPT
iptables -A OUTPUT -m pkttype --pkt-type multicast -j ACCEPT
iptables -A INPUT  --protocol igmp -j ACCEPT
iptables -A OUTPUT --protocol igmp -j ACCEPT
iptables -A INPUT  --dst "224.0.0.0/4" -j ACCEPT
iptables -A OUTPUT --dst "224.0.0.0/4" -j ACCEPT

Linux 2.6.38-12 / iptables 1.4.10

  • Is there any internet service to test my multicast setup (PC + ADSL router + provider)?
Massimo
  • It would be helpful to tell us which version of netfilter/iptables you use. If you use the distro standard, please let us know which Linux distro, including version information, you use. – f4m8 Nov 25 '11 at 13:44
  • Done. Also with a new, related, question. – Massimo Nov 25 '11 at 14:04

1 Answer

1

Multicast over the global internet does not exist; it is unicast only.

If you wish to test multicast addresses, configure it within your own network.

Olipro
  • This info is incorrect. Multicast works over WAN and internet; your provider has to enable and configure the routers. – Massimo Nov 27 '11 at 13:52
  • Right, via peerings to participants in the multicast group. My point still stands that the Internet as a whole does not have multicast. – Olipro Nov 27 '11 at 20:49
  • Ok, but you don't answer my question about iptables. – Massimo Nov 30 '11 at 07:13
  • Matching on a packet type of "multicast" is sufficient depending on what overall ruleset you have configured iptables with; if all your chains are set to ACCEPT, obviously you don't need any rules at all. – Olipro Dec 09 '11 at 02:21
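
An added example, not part of the original thread: the rules in the question accept every multicast packet on any protocol and port, so on a default-DROP host a narrower set limited to one group and one UDP port is shown here beside them. The function names `is_mcast` and `mcast_rules`, the interface `eth0`, the group `239.1.2.3` and the port `5000` are assumptions chosen for illustration; the script only prints the commands.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that admit a single
# multicast group on a single UDP port, for a host whose policies are DROP.
# eth0, 239.1.2.3 and 5000 are constructed sample values.

# is_mcast ADDR: succeeds only for a dotted-quad address in 224.0.0.0/4.
is_mcast() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets (digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    [ "$1" -ge 224 ] && [ "$1" -le 239 ]
}

# mcast_rules IFACE GROUP PORT: validates its input, then prints the rules.
mcast_rules() {
    iface=$1 group=$2 port=$3
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    is_mcast "$group" || { echo "not in 224.0.0.0/4: $group" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    cat <<EOF
iptables -A INPUT  -i $iface -p igmp -j ACCEPT
iptables -A OUTPUT -o $iface -p igmp -j ACCEPT
iptables -A INPUT  -i $iface -p udp -d $group --dport $port -j ACCEPT
iptables -A OUTPUT -o $iface -p udp -d $group --dport $port -j ACCEPT
EOF
}

# Dry run with the constructed values; review the output before applying it.
mcast_rules eth0 239.1.2.3 5000
```

The IGMP rules let the host send membership reports and receive queries; the INPUT UDP rule serves a receiver and the OUTPUT UDP rule a sender, so a host with only one role needs only one of them.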