 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  Paul Dugas <paul at dugas dot cc>
 Cc:  m0n0wall Mailing List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Block IGMP
 Date:  Mon, 06 Jun 2005 18:19:40 +0200
Hi Paul!

On Monday, 06.06.2005, at 11:29 -0400, Paul Dugas wrote:
> but I don't want to see all the IGMP traffic
> generated by another router I have in place.  I added a firewall rule on
> the LAN interface (where the IGMP-noisy router is connected) to block it
> without logging it (proto=IGMP src=*:* dst=*:*) but it's not doing the
> trick.
> Annoying.  Suggestions appreciated.

One problem I can think of:
All IP packets from any subnet on your LAN interface which is not
directly connected to it (i.e. 10.10.99.x) are blocked because of
anti-spoofing rules on the WAN interface page ("Block private networks").

That checkbox results in a rule like:
@10 block in log quick on sis0 from !10.10.2.0/24 to any

For the second one: Please give us the output of "ipfstat -nio" and the
rule number by which the packet was blocked (see posting from Chris).

Ciao ...
	... PIT ...


---------------------------------------------------------------------------
 copyleft(c) by |           /* dbmrefcnt--; */ /* doesn't work, rats
 Peter Allgeyer |   _-_     */  -- Larry Wall in hash.c from the perl
                | 0(o_o)0   source code
---------------oOO--(_)--OOo-----------------------------------------------
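
Added example, not part of the original message: a small evaluator for ipf-style rules showing why a "quick" anti-spoofing rule with "log" still logs IGMP packets from a non-connected subnet before a later IGMP block rule is reached. Rule @10 is the one quoted above; rules @11 and @12, their order, and the default-pass verdict are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed ruleset: @10 is quoted in the message; @11 is a hypothetical
# rendering of the "block IGMP without logging" rule, @12 a hypothetical pass.
RULES = """\
@10 block in log quick on sis0 from !10.10.2.0/24 to any
@11 block in quick on sis0 proto igmp from any to any
@12 pass in quick on sis0 from 10.10.2.0/24 to any
"""

RULE_RE = re.compile(
    r"@(?P<num>\d+) (?P<action>block|pass) in (?P<log>log )?(?P<quick>quick )?"
    r"on (?P<iface>\S+) (?:proto (?P<proto>\S+) )?"
    r"from (?P<neg>!)?(?P<src>\S+) to (?P<dst>\S+)$"
)

def parse(text):
    """Parse the subset of 'ipfstat -nio' style lines used in this example."""
    return [m.groupdict() for m in
            (RULE_RE.match(line.strip()) for line in text.splitlines()) if m]

def src_matches(rule, src):
    if rule["src"] == "any":
        return True
    hit = ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
    return hit != bool(rule["neg"])  # a leading "!" inverts the match

def evaluate(rules, iface, proto, src):
    """Return (rule number, action, logged). ipf semantics: the last matching
    rule wins, unless a matching rule carries 'quick', which stops evaluation.
    Destination is ignored because every sample rule uses 'to any'."""
    verdict = (None, "pass", False)  # assumption: default policy is pass
    for r in rules:
        if r["iface"] != iface:
            continue
        if r["proto"] and r["proto"] != proto:
            continue
        if not src_matches(r, src):
            continue
        verdict = (int(r["num"]), r["action"], bool(r["log"]))
        if r["quick"]:
            break
    return verdict
```

evaluate(parse(RULES), "sis0", "igmp", "10.10.99.5") stops at @10 and is logged, while the same packet from 10.10.2.7 falls through to @11 and is dropped silently, which is why the rule number from the log matters.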