I have an application running on multiple nodes that sends UDP traffic
to a multicast address (224.120.12.40) and port (23285). All nodes
subscribe to this multicast address and participate in the multicast
address.
I'm trying to make one node drop its incoming multicast traffic. Say
the IP address of this node is 10.20.10.1. So I've constructed the
rules below to try and help.
There are two ways I can check this works: i) look at iptables -L -v
and see the trigger rate; ii) check that my application is indeed not
receiving incoming UDP traffic on port 23285 from 224.120.12.40.
# iptables -I INPUT -p udp --destination-port 23285 -j DROP
# iptables -L -v
Chain INPUT (policy ACCEPT 369K packets, 197M bytes)
 pkts bytes target prot opt in  out source   destination
  136 29341 DROP   udp  --  any any anywhere anywhere    udp dpt:23285
This appears to drop incoming UDP packets to port 23285, but the
application is still seeing the UDP traffic.
# iptables -I INPUT -p udp -d 224.120.12.40 -j DROP --destination-port 23285
# iptables -L -v
Chain INPUT (policy ACCEPT 3687K packets, 1103M bytes)
 pkts bytes target prot opt in  out source   destination
  366 78205 DROP   udp  --  any any anywhere 224.120.12.40 udp dpt:23285
This also appears to drop incoming UDP packets to port 23285 with a
destination of 224.120.12.40, but the application still seems to be
seeing the UDP traffic.
And trying to refine the above rule:
# iptables -I INPUT -p udp -d 224.120.12.40 -m pkttype --pkt-type multicast -j DROP --destination-port 23285 -i bond0
will drop traffic, but the application still appears to see the
traffic.
Am I doing something fundamentally wrong here? I'm sure these rules
should work in the way I've written them.
Thanks in advance to anyone who can comment on this.
Will.
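The two checks the post describes (rule counters and what the application's socket actually receives) can be run side by side over one interval. The script below is an added example, not code from the original post or its author: it parses `iptables -L INPUT -v -n -x` output into per-rule counters, diffs two snapshots, and in the same window joins 224.120.12.40 and counts datagrams delivered to a plain UDP socket bound to the group on port 23285. The sample listings are constructed in the `-v -n -x` format (not captured from the poster's host), and the parser assumes every rule line carries a target, as the DROP rules in the post do.

```python
"""Two checks for an iptables DROP rule on multicast UDP (added example, not from the
original post): (1) diff the rule counters of `iptables -L INPUT -v -n -x` taken before
and after a test interval, (2) count datagrams an application-level socket actually
receives for the group/port in that same interval."""
import re
import socket
import struct
import subprocess
import time

GROUP = "224.120.12.40"   # group and port from the post
PORT = 23285

# One rule line of `iptables -L -v -n -x`: pkts bytes target prot opt in out src dst [match text]
# Assumption: every rule carries a target (true for the DROP rules in the post).
RULE_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(.*)$"
)

# Constructed sample listings (not captured from the poster's system), `-v -n -x` format:
# -n prints "*" for any interface and 0.0.0.0/0 for anywhere, -x prints exact counts.
SAMPLE_BEFORE = """\
Chain INPUT (policy ACCEPT 369123 packets, 197000000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     136      29341 DROP       udp  --  *      *       0.0.0.0/0            224.120.12.40        udp dpt:23285
       0          0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:23285
"""
SAMPLE_AFTER = """\
Chain INPUT (policy ACCEPT 369400 packets, 197100000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     366      78205 DROP       udp  --  *      *       0.0.0.0/0            224.120.12.40        udp dpt:23285
       0          0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:23285
"""


def parse_counters(listing):
    """Return one {'pkts', 'bytes', 'spec'} dict per rule, in chain order.
    'spec' is the rule text without its counters, so snapshots can be matched rule by rule."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if not m:          # chain header and column header lines do not start with a counter
            continue
        fields = list(m.groups())
        spec = " ".join(fields[2:9] + fields[9].split())
        rules.append({"pkts": int(fields[0]), "bytes": int(fields[1]), "spec": spec})
    return rules


def rules_for_port(rules, dport):
    """Rules whose match text names this destination port (udp dpt:NNN)."""
    return [r for r in rules if f"dpt:{dport}" in r["spec"]]


def counter_delta(before, after):
    """Packets matched per rule between two snapshots, keyed by rule spec
    (identical duplicate rules collapse onto one key; a rule only in 'after' counts from zero)."""
    base = {r["spec"]: r["pkts"] for r in before}
    return {r["spec"]: r["pkts"] - base.get(r["spec"], 0) for r in after}


def snapshot_counters(chain="INPUT"):
    """Live snapshot of the chain; needs root. -n avoids DNS lookups, -x exact counts."""
    out = subprocess.run(["iptables", "-L", chain, "-v", "-n", "-x"],
                         capture_output=True, text=True, check=True).stdout
    return parse_counters(out)


def count_multicast_datagrams(group, port, seconds, iface_ip="0.0.0.0"):
    """Join the group and count datagrams delivered to this socket within 'seconds'.
    Binding to the group address (Linux) keeps unicast or other-group traffic
    on the same port out of the count."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((group, port))
    mreq = struct.pack("4s4s", socket.inet_aton(group), socket.inet_aton(iface_ip))
    s.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    s.settimeout(0.5)
    received = 0
    deadline = time.monotonic() + seconds
    while time.monotonic() < deadline:
        try:
            s.recvfrom(65535)
            received += 1
        except socket.timeout:
            pass
    s.close()
    return received


if __name__ == "__main__":
    interval = 10
    before = snapshot_counters()
    seen = count_multicast_datagrams(GROUP, PORT, interval)
    after = snapshot_counters()
    for rule in rules_for_port(after, PORT):
        print(f"{counter_delta(before, after)[rule['spec']]:6d} matched  {rule['spec']}")
    print(f"{seen:6d} datagrams reached the test socket on {GROUP}:{PORT} in {interval}s")
```

Run it as root on the node under test while the other nodes are sending. If the matched count for the DROP rule rises while the test socket still receives datagrams, the packets the socket sees are not the ones the rule is matching. To keep the measurement to traffic arriving from other nodes, stop any sender running on the same node for the interval, or clear IP_MULTICAST_LOOP on its sending socket, since the kernel otherwise delivers a node's own multicast sends back to local group members as well.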