nhrpd: Document how to block redirected multicast packets
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
reubendowle committed Apr 5, 2021
1 parent ca31749 commit ab9ad93
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions doc/user/nhrpd.rst
Expand Up @@ -189,11 +189,14 @@ nhrpd can be configured to forward multicast packets, allowing routing
protocols that use multicast (such as OSPF) to be supported in the DMVPN
network.

This support requires an NFLOG redirection rule to work:
This support requires an iptables NFLOG rule to allow nhrpd to intercept
multicast packets. A second iptables rule is also usually used to drop the
original multicast packet.

.. code-block:: shell
iptables -I OUTPUT -d 224.0.0.0/24 -o gre1 -j NFLOG --nflog-group 2
iptables -A OUTPUT -d 224.0.0.0/24 -o gre1 -j NFLOG --nflog-group 2
iptables -A OUTPUT -d 224.0.0.0/24 -o gre1 -j DROP
.. index:: nhrp multicast-nflog-group (1-65535)
.. clicmd:: nhrp multicast-nflog-group (1-65535)
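
Review bot: In the code block, switching the example from `-I OUTPUT` to `-A OUTPUT` makes it depend on whatever is already in the OUTPUT chain: appended rules are evaluated last, so an earlier rule that accepts or drops traffic to 224.0.0.0/24 on gre1 means neither the NFLOG rule nor the DROP rule is reached. The new paragraph also does not say that the order of the two rules matters. NFLOG is a non-terminating target and DROP is a terminating one, so with the rules reversed nhrpd never sees the packet. Suggest adding a sentence stating that the NFLOG rule must come before the DROP rule and that both must precede any rule that would otherwise match this traffic, and saying what happens when the DROP rule is omitted, since "usually used" leaves the reader to guess when it is optional.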