AIX


How to disable multicast outbound traffic on AIX 6.1

  • 1.  How to disable multicast outbound traffic on AIX 6.1

    Posted Wed June 22, 2011 03:31 AM

    Originally posted by: Dannymu


    Hello,
    I have two AIX nodes (A and B). On both A and B, I launched a multicast appliance (it simply sends a message to a multicast address). Hence, on node A, I can receive messages from both A and B. The same happens on node B. I used tcpdump and found info like this:
    A.mcport -> MulticastIP.mcport
    B.mcport -> MulticastIP.mcport

    My goal is to disable outbound traffic while preserving inbound traffic on node A. That is, although the multicast appliances are still running on nodes A and B, node A can only receive multicast messages from B, while node B cannot receive messages from node A.
    I added an IPsec rule on node A:
    deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 yes all any 0 eq mcport both outbound no all packets 0 all 0 none
    It did not take effect.
    If I add this rule on node A:
    deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 yes all any 0 eq mcport both inbound no all packets 0 all 0 none
    Then node A will not receive messages from both A and B. However, on node A, tcpdump still shows
    A.mcport -> MulticastIP.mcport
    B.mcport -> MulticastIP.mcport

    It seems that IPsec takes effect for inbound multicast traffic but not for outbound.
    Are there any errors in my IPsec configuration? Or will IPsec itself not work for this? If so, are there any tools to achieve this goal? Thanks.