This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall Rules_multicast_broadcast

My packet filter log is filling with unwanted entries:

192.168.2.10    ->  192.168.2.100   ICMP echo request
192.168.100.1    ->  224.0.0.1
192.168.2.10    ->  192.168.2.100   ICMP echo request

10.100.48.1 67  ->  255.255.255.255 68 UDP
192.168.100.1    ->  224.0.0.1

I know the 192.168.2.10 -> 192.168.2.100 is my eth0 and a router...i made a rule to allow and block this imcp echo and did not work...

the 10.100.48.1 is my isp dhcp server....not sure how to set up the rule for this broadcast...i received my address fine...i guess its checking so it doesnt release two of the same address..?

the 192.168.100.1 -> 224.0.0.1  cable modem sending out multicast.....tried to allow and tried to block....not sure how to create multicast network definition..

any help thanks...

This thread was automatically locked due to age.

Parents

0 oliver.desch over 23 years ago

spidercat,

define it as a host 224.0.0.1/255.255.255.255
and if you do not want it ro reported in the filterlog
setup a packet filter rule "ANY ANY Multcast1 DROP"

This should do the trick
o|iver

[ 08 June 2002: Message edited by: oliver.desch ]
Cancel
Vote Up 0 Vote Down

Cancel
0 spidercat over 23 years ago in reply to oliver.desch

O|iver,

I finally have rules to not log dhcp and the broadcast addresses. That was pretty easy. Still no luck on the multicast.. (tried drop and allow) mulitcast is about the only thing in my filter violation livelog. every three minutes..argghh.. I have tried every possible combination for packets and placement(rule number)My kernel log shows its droped but my packet violation filter keeps logging it.

kernel log

Jun  8 18:11:53 kernel: IGMP Drop: IN=eth1 OUT= SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
Jun  8 18:14:53 kernel: IGMP Drop: IN=eth1 OUT= SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
Jun  8 18:17:53 kernel: IGMP Drop: IN=eth1 OUT= SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2

filter violation livelog

18:11:53 192.168.100.1    ->  224.0.0.1
18:14:53 192.168.100.1    ->  224.0.0.1
18:17:53 192.168.100.1    ->  224.0.0.1

weird...thnks for the suggestion....maybe i need to somehow define a igmp service protocol..

spidercat
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 spidercat over 23 years ago in reply to oliver.desch

O|iver,

I finally have rules to not log dhcp and the broadcast addresses. That was pretty easy. Still no luck on the multicast.. (tried drop and allow) mulitcast is about the only thing in my filter violation livelog. every three minutes..argghh.. I have tried every possible combination for packets and placement(rule number)My kernel log shows its droped but my packet violation filter keeps logging it.

kernel log

Jun  8 18:11:53 kernel: IGMP Drop: IN=eth1 OUT= SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
Jun  8 18:14:53 kernel: IGMP Drop: IN=eth1 OUT= SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
Jun  8 18:17:53 kernel: IGMP Drop: IN=eth1 OUT= SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2

filter violation livelog

18:11:53 192.168.100.1    ->  224.0.0.1
18:14:53 192.168.100.1    ->  224.0.0.1
18:17:53 192.168.100.1    ->  224.0.0.1

weird...thnks for the suggestion....maybe i need to somehow define a igmp service protocol..

spidercat
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Phil Purdue over 23 years ago in reply to spidercat

I'm having the same problem with the IGMP protocol issue.
Again, tried all possible rule combinations but the logging still occurs.
Can a new protocol be setup to allow direct interaction with IGMP?

Thanks
Phil Purdue
Cancel
Vote Up 0 Vote Down

Cancel