proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-05-23 23:05:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

nhrpd: Document how to block redirected multicast packets

Browse Source 
Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
This commit is contained in:
Reuben Dowle 2021-03-09 13:52:23 +13:00
parent ca317495b8
commit ab9ad933d0
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/user/nhrpd.rst
View File

@ -189,11 +189,14 @@ nhrpd can be configured to forward multicast packets, allowing routing
protocols that use multicast (such as OSPF) to be supported in the DMVPN
network.
This support requires an NFLOG redirection rule to work:
This support requires an iptables NFLOG rule to allow nhrpd to intercept
multicast packets. A second iptables rule is also usually used to drop the
original multicast packet.
.. code-block:: shell
iptables -I OUTPUT -d 224.0.0.0/24 -o gre1 -j NFLOG --nflog-group 2
iptables -A OUTPUT -d 224.0.0.0/24 -o gre1 -j NFLOG --nflog-group 2
iptables -A OUTPUT -d 224.0.0.0/24 -o gre1 -j DROP
.. index:: nhrp multicast-nflog-group (1-65535)
.. clicmd:: nhrp multicast-nflog-group (1-65535)