#!/bin/sh
#
# Shorewall 2.0 /etc/shorewall/DropBcast
#
# System-provided user exit for adding rules to the DropBcast chain
# created by the DropBcast action (action.DropBcast)

qt iptables -A DropBcast -m pkttype --pkt-type broadcast -j DROP

if ! qt iptables -A DropBcast -m pkttype --pkt-type multicast -j DROP; then
    #
    # No pkttype support -- do it the hard way
    #
    for address in $(find_broadcasts) 255.255.255.255 224.0.0.0/4 ; do
	run_iptables -A DropBcast -d $address -j DROP
    done
fi