All things related to multicast

[Marshall Eubanks <>]

On May 9, 2007, at 5:16 PM, Bruce Curtis wrote:

> On May 9, 2007, at 1:16 PM, Bayly, Thomas G. wrote:
>
> > Does anyone have a best practice rule set to apply to firewalls  
> > that permits end users to receive multicast content but not source  
> > it?  And likewise for router ACL's?

In a router you want to block 232.0.0.0/4 outbound but not inbound,  
which is generally pretty simple.

Regards
Marshall

> > Cheers,
> >
> > Tom Bayly
> >
> > Information Technology Services
> >
> > University Support Building II
> >
> > Pennsylvania State University
>
>   The answers to Lab 7 in the Internet2 Multicast Workshop have  
> some example access-lists to prevent TCP or ICMP scanning of the  
> multicast IP range from creating state.  The access lists could be  
> modified to block all multicast traffic rather than just TCP or ICMP.
>
>
> http://multicast.internet2.edu/workshops/minneapolis/
>
>   But the access lists will still need to allow IGMP packets so  
> that clients can join groups and receive multicast.
>
> ---
> Bruce Curtis                         
>
> Certified NetAnalyst II                701-231-8527
> North Dakota State University