I have a bridged-mode VPN using two DD-WRT routers connected to cellular modems. To avoid excessive bandwidth usage and fees, it would be nice to block multicast traffic originating from Allen Bradley PLCs on both sides of the network from crossing the VPN.

Unfortunately I can't use routed mode in this scenario.

Any way to do this?


Ryan Griggs
  • I'm not too familiar with those PLCs (aka if they need certain multicast protocols) but can't you just block any traffic to the multicast addresses? – Broco Jan 11 '17 at 09:27
  • I was under the impression from other comments that multicast traffic is not filter-able by iptables due to multicast being processed at Layer 2 (MAC). Is this wrong? – Ryan Griggs Jan 11 '17 at 14:03
  • Depends on what kind of multicast you mean. There is IP-level multicast and there is Layer 2 Multicast like ARP (though ARP is kind of a hybrid). But ARP isn't used in VPN connections since the VPN is a whole different story, it encapsulates the regular IP traffic. For IP there is a broadcast address which is the last address in your network (e.g. for a network the broadcast address is Some services use other multicast addresses (e.g. UPnP uses UDP). Best way to find out what multicasts your PLCs drop is to look at the traffic (Wireshark?). – Broco Jan 11 '17 at 14:16

0 Answers