[ previous ] [ next ] [ threads ]
 
 From:  Troy <troy at twisted dot net>
 To:  MonoWall-General List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IGMP 224.0.0.1 auto blocked by rule at @0 - filling up logs
 Date:  Sat, 8 Apr 2006 18:04:12 -0500
my CPE router will constantly send out meaningless IGMP packets every 2
minutes (WAN side) and it's filling up my logs.  I looked at the output of 
ipfstat -nio and the rule that is matching is not listed.

The source address of the IGMP is coming from a publically routable
address so it's not the private address blocking rule that is making it
match and constantly log.  

You can see that the rule number appears as @0.  I tried to create an
explicit rule to block 224.0.0.1 so it would stop filling up my logs but
because this rule is being executed at "0" it's catching them first.

I am not using the "block RFC 1918" addresses by default - I'm statically
blocking those with my own rules.  Where is this magic hidden firewall
rule at line 0 being sent from?

Log Output
----------

Apr  8 17:57:17 host ipmon[87]: 17:57:17.079139 vr0 @0:3 b xx.xx.xx.xx ->
224.0.0.1 PR igmp len 24 (32) IN


-Troy