How to block broadcast messages (Apple's mDNS traffic)

iptables udp multicast mdns

6,567

UDP cannot have state - try without the state clause.

Also, be aware that if you are checking incoming traffic with tcpdump, this listens OUTSIDE the firewall.

6,567

Related videos on Youtube

Author by

orezvani

Updated on September 18, 2022

Comments

orezvani over 1 year
I am in a network and a user is sending broadcast messages on udp port 5353. Regardless of what that is and what their purpose is, I decided to block all the traffic, so I ran:
```
sudo iptables -A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 5353 -j DROP
```
But I am still getting the traffic (in wireshark), but with different source and destinations (neither the source nor the destination matches my IP). Apparently I need a mechanism to drop the broadcasts, is there any way of doing that using iptables or ufw?
- EEAA about 8 years
  
  Why do you feel the need to block this traffic?
- orezvani about 8 years
  
  Why shouldn't I block this traffic? There is no need to it, so I want to get rid of it. Secondly, and most importantly, there is security risk, which you can search and find out.
- fpmurphy about 8 years
  
  Why not simply drop all traffic to port 5353? Why the complicated rule?
- orezvani about 8 years
  
  @fpmurphy1 I was trying to do that.
- meuh about 8 years
  
  Try -I (or --insert) instead of -A to get the rule placed at the front of the processing.
- orezvani about 8 years
  
  @meuh There shouldn't be any difference between -A or -I num. As far as I know, -I places the rule in a certain row of the chain table. Since there is no other rule specified in the table, it will automatically have the highest priority.
orezvani about 8 years

Tried that, but still getting the traffic: sudo iptables -A INPUT -i eth0 -p udp -m udp --dport 5353 -j DROP
meuh about 8 years

@emab you are right, wireshark sits between the hardware interface and iptables, so you will still see the packets arriving, before they are dropped by iptables.
orezvani about 8 years

Then the problem is probably solved, since I am monitoring the packets in wireshark.
meuh about 8 years

@emab You can look at the number of packets matched by a rule with iptables -L -nvx.
orezvani about 8 years

@meuh Then it is working all good.
Jonas Dahlbæk almost 7 years

As far as I can tell, UDP 'state' can be handled with -m conntrack --ctstate, see iptables.info/en/connection-state.html

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?

How to troubleshoot crashes detected by Google Play Store for Flutter app

Cupertino DateTime picker interfering with scroll behaviour

Why does awk -F work for most letters, but not for the letter "t"?

Flutter change focus color and icon color but not works

How to print and connect to printer using flutter desktop via usb?

Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0

Flutter Dart - get localized country name from country code

navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage

Android Sdk manager not found- Flutter doctor error

Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)

How to change the color of ElevatedButton when entering text in TextField

Related

How to stream h264 with udp gstreamer

Need microsecond delay in .NET app for throttling UDP multicast transmission rate

Do I need a PORT when joining a multicast group or just the IP?

Dumping multicast UDP stream with socat

UDP packet and firewall

Problems with multicasts in "iptables"

lots of UDP_IN Blocked errors

Need iptables port forwarding for BIDIRECTIONAL UDP

multicast and iptables : troubleshooting?

multicast routing - CentOS 5