my CPE router will constantly send out meaningless IGMP packets every 2
minutes (WAN side) and it's filling up my logs. I looked at the output of
ipfstat -nio and the rule that is matching is not listed.
The source address of the IGMP is coming from a publically routable
address so it's not the private address blocking rule that is making it
match and constantly log.
You can see that the rule number appears as @0. I tried to create an
explicit rule to block 220.127.116.11 so it would stop filling up my logs but
because this rule is being executed at "0" it's catching them first.
I am not using the "block RFC 1918" addresses by default - I'm statically
blocking those with my own rules. Where is this magic hidden firewall
rule at line 0 being sent from?
Apr 8 17:57:17 host ipmon: 17:57:17.079139 vr0 @0:3 b xx.xx.xx.xx ->
18.104.22.168 PR igmp len 24 (32) IN