> put a box up in between the host and the rest of the network

erwin wrote:

At worst if it's not loopback traffic you can use the MARK target with

> To test an Application that communicates over UDP Multicast I would
> like to filter out some packets using iptables. However, when I
> specify a rule to DROP the packets on send, the application gets an
> "Operation not permitted" error. What I would like to achieve is that
> the packet gets silently dropped, without the application on the local
> machine getting an immediate error.

I work with a large distributed system that makes heavy use of TCP/IP.
For example, from a command system we could expect around 900 TCP/IP
connections to remote nodes.

I would like to simulate all of those 900 TCP/IP connections dropping
at the same time. I.e., I would like RST packets to be sent to the
command system at the same time.

It has been suggested to just pull the cables to this command system,
but I don't think that will suffice. The command system is an NT 4.0
box, and I believe the connections would require keep-alive timeouts
to occur before dropping. I'm more interested in a major network

So, I've placed a Linux firewall running Red Hat 8 in between the
command system and the rest of the world. My next step is to figure
out a way to use that system to drop all the connections for me.