- 03-25-2008 #1 Linux Newbie
- Join Date: Feb 2007
- Posts: 248
block unwanted traffic to internet via IPTABLES - help
eth0(lan_interface) IP: 192.168.0.1
eth1(internet_Interface) IP: 192.168.1.1
This machine is a gateway for the LAN, running iptables and squid.
The problem is that 90% of the LAN is Windows XP, and we don't have a good anti-virus installed on all of our Windows XP machines.
These Windows XP machines broadcast due to viruses and Trojans, and consume almost 80% of our internet bandwidth.
Please share if there are any iptables rules that can stop this unwanted traffic to the internet.
Our users are allowed to connect to almost everything, e.g. MSN/Yahoo/Skype messengers, webcam, Outlook (SMTP/POP).
I am also attaching the iptables script we used on this gateway, for the kind consideration of you gurus. I am not an iptables master; I downloaded this attached iptables script from the internet.
Please help me.
Regards
- 03-25-2008 #2 Just Joined!
- Join Date: Sep 2006
- Posts: 12
Firestarter is a somewhat easier to handle front-end for IPtables.
On the XP machines, install Avast free antivirus and Comodo firewall, also free; together this gives you fairly secure XP systems. Comodo has more free antimalware programs.
- 03-26-2008 #3
At the beginning of your input rules add this:
Code:
iptables -A INPUT -d 255.255.255.255 -j DROP
This will block all broadcasts.
You would be very wise to install virus software on your windows boxes.
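An added example, not part of post #3 or of the attached script: the rule above matches only the limited broadcast address, so this script also computes the subnet's directed broadcast address and prints insert rules for both, scoped to the LAN interface. The /24 prefix and the function names `bcast_addr` and `gen_rules` are assumptions; eth0 and 192.168.0.1 come from the first post.

```shell
#!/bin/sh
# Added example, not from the thread. It only prints the iptables commands;
# review the output before running it as root on the gateway.

# Directed broadcast address of an IPv4 network.
# Usage: bcast_addr <ip> <prefix_len>   e.g. bcast_addr 192.168.0.1 24
# The body runs in a subshell so the IFS change does not leak to the caller.
bcast_addr() (
    prefix=$2
    IFS=.
    set -- $1                                   # split the dotted quad into $1..$4
    addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    host_mask=$(( (1 << (32 - $prefix)) - 1 ))  # all host bits set
    b=$(( addr | host_mask ))
    echo "$(( (b >> 24) & 255 )).$(( (b >> 16) & 255 )).$(( (b >> 8) & 255 )).$(( b & 255 ))"
)

# Print rules that drop broadcasts arriving on the LAN interface.
# Usage: gen_rules <lan_if> <gateway_lan_ip> <prefix_len>
# Assumption: if the gateway also answers DHCP on the LAN (the thread does not
# say), a rule accepting UDP destination port 67 has to sit above these,
# because DHCP discovery is sent to 255.255.255.255.
gen_rules() {
    lan_if=$1
    directed=$(bcast_addr "$2" "$3")
    n=1
    for dst in 255.255.255.255 "$directed"; do
        # -I INPUT <n> inserts at a fixed position at the top of the chain,
        # so the rule is evaluated first no matter where the script calls it.
        echo "iptables -I INPUT $n -i $lan_if -d $dst -j DROP"
        n=$((n + 1))
    done
}

# Values from the first post; the /24 prefix is an assumption.
gen_rules eth0 192.168.0.1 24
```

Once the rules are applied, `iptables -L INPUT -v -n` shows per-rule packet and byte counters, which indicates how much of the LAN traffic these rules are actually matching.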
- 03-29-2008 #4 Linux Newbie
- Join Date: Feb 2007
- Posts: 248
Nice help, dear janvyl and lazydog. Thanks for the superb help.


