On Wed, 9 Jan 2008, Chris Buechler wrote:
> On Jan 9, 2008 5:57 PM, Michel Servaes <michel at mcmc dot be> wrote:
> > I tried blocking on the WAN interface, then used IGMP as protocol, and
> > as destination 126.96.36.199
> The protocol most likely isn't IGMP. I'd change that to any and leave
What makes you say that? Routers that support IP multicast commonly send
periodic IGMP multicasts. My ISP does it every 125 seconds. And when
"IGMP" appears in the firewall log, it isn't a hallucination. :-)
> the rest of the rule as is, that should work. I've done that before
> and it worked properly.
I have a no-log block rule for IGMP to keep those out of the log, which
worked at one time. But at some point, the router started including some
sort of IP option in the IGMP multicasts, and since m0n0wall has a
hard-coded rule to drop packets with IP options, which is ahead of all
user rules, there's no longer any way to keep them out of the log.