First let me thank all that responded to my quest for some iptables ideas for getting rid of encaped non-ampr source packets. Most of it I understood and some I did not. In any event, I learned quite a bit along the way.
For me, most all of the bad stuff is coming in via the spoofed ampr gateway address of 169.228.66.251. The only thing I use the gateway for is the rip broadcasts. Lynwood is right — the obvious solution is to simply use the emailed routing tables from the portal and not use rip at all. Then simply block everything coming from 169.228.66.251 - easy peasy. Several of my jnos forwarding partners have been doing this for years. Not as convenient, but it will do the job - they get a daily updated table via email and automatically install it and then source it.
I think this is the route I will take for now while keeping on playing with iptables.
jerome ve7ass Vancouver
On Apr 20, 2017, at 18:11, lleachii--- via 44Net 44net@hamradio.ucsd.edu wrote:
Correction...he can't get routes from AMPRGW...without someone else bootstrapping him.
- Lynwood
On 04/20/2017 09:05 PM, lleachii@aol.com wrote:
(but then he can't use the Internet on his AMPRLAN then). Just my $0.02...
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net