Is my IP tables rule to drop all eth0 to router/8 ip necessary?

[Deleted member 27741]

Hey all- I have an iptables rule that blocks all traffic from input eth0 to 10.0.0.0/8 (my router is allocated to that network).

It blocks a lot of packets-
packets- 27819 DROP all -- eth0 * 10.0.0.0/8 0.0.0.0/0

Everything works fine, perfectly in fact with the rule so it does not seem to do any harm that I know of. Is this rule doing anything or am I just blocking some form of communication between my modem and router?

 

[ColinTaylor]

It depends where in the INPUT chain you have put that rule. But as the last rule in the chain drops everything from all interfaces anyway it would seem pointless adding this additional rule.

 

[RMerlin]

If you truly are blocking everything, then you'll end up blocking communications between your ISP and your router, such as DHCP requests.

The default policy already takes care of blocking unsolicited traffic.

 

[Deleted member 27741]

Ha! I do think the rule is kind of pointless... I think I added it when I was attempting to "harden" my iptables rules. I will change it to logdrop and see where the packets are coming from just out of curiosity.

 

[Deleted member 27741]

The packets are coming from
SRC=10.15.192.1 DST=255.255.255.255
My local network is not on 10.15.192.1 and I can't find anyting with that ip address- is that weird?

 

[ColinTaylor]

It's just broadcast traffic on your ISP's local network.

 

[Deleted member 27741]

Thanks for your wisdom guys! So this broadcast traffic on my ISP's local network- it is something that can be blocked without consequence but also useless to block, correct?

 

[ColinTaylor]

Yes, it can and is being blocked by the default rules.

 

[RMerlin]

If it's related to ports 67 or 68 then you definitely do not want to block that - that's DHCP.