I have an ISP who services his MAN and Internet connection over VPN. He has a policy of temporarily blocking users who send multicast and/or broadcast packets to the MAN. I want the router to drop this kind of packet, but only if they are going to the MAN (and the VPN; I think sending multicast there makes no sense), so I'm trying to build iptables rules for this. As far as I understood, iptables needs the pkttype module to determine the type of a packet (sorry if I'm wrong, I started to learn iptables just half an hour ago), so roughly it'll look like this:
iptables -I FORWARD --out-interface vlan2 -m pkttype --pkt-type broadcast -j DROP
iptables -I FORWARD --out-interface vlan2 -m pkttype --pkt-type multicast -j DROP
(I think I'll replace out-interface with destination to abstract from interfaces later)
Unfortunately, iptables in current builds of Toastman doesn't have the pkttype module. Can you add it to the next builds, please?
Sorry if I'm digging in the wrong direction, I've received a block some time ago, so until I get unblocked I cannot clone the git repo and try to build it with the necessary module to check my solution.
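
An added example, not part of the original post and not Toastman code: a script that prints (without applying) the DROP rules from the post for one outgoing interface. The `detect_mode` probe and the address-based fallback are assumptions; the fallback matches the IPv4 destination address instead of the link-layer packet type, so it is not an exact substitute for pkttype, and `192.0.2.255` is a constructed sample value.

```shell
#!/bin/sh
# Added example: print (do not apply) DROP rules for broadcast/multicast
# traffic forwarded out of one interface, so they can be reviewed first.

# Heuristic probe (assumption): if the userspace pkttype extension exists,
# asking for its help text succeeds. Kernel support may still be missing,
# in which case inserting the rule fails with an error.
detect_mode() {
    if iptables -m pkttype -h >/dev/null 2>&1; then
        echo pkttype
    else
        echo addr
    fi
}

# gen_rules IFACE MODE [DIRECTED_BROADCAST_ADDR]
gen_rules() {
    iface=$1 mode=$2 bcast=${3:-}
    case $mode in
    pkttype)
        # The two rules from the post (-o is the short form of --out-interface).
        for t in broadcast multicast; do
            echo "iptables -I FORWARD -o $iface -m pkttype --pkt-type $t -j DROP"
        done ;;
    addr)
        # Fallback without pkttype: IPv4 multicast range and limited
        # broadcast, plus an optional subnet (directed) broadcast address.
        echo "iptables -I FORWARD -o $iface -d 224.0.0.0/4 -j DROP"
        echo "iptables -I FORWARD -o $iface -d 255.255.255.255 -j DROP"
        [ -n "$bcast" ] && echo "iptables -I FORWARD -o $iface -d $bcast -j DROP"
        ;;
    *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    return 0
}

# vlan2 is the interface name used in the post.
gen_rules vlan2 "$(detect_mode)"
```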