[ previous ] [ next ] [ threads ]
 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IGMP is filling up my Firewall Logs
 Date:  Sun, 12 Sep 2004 12:59:52 -0700 (PDT)
On Sat, 11 Sep 2004, sylikc wrote:

> AFAIK in terms of security, IGMP packets are pretty harmless.  They
> are just probe/update packets for multicasting.  I'm pretty sure m0n0
> just drops them.  I'm not aware of any exploits that make use of IGMP.
>  Here's a link that describes what IGMP is/does:
> http://www.et.put.poznan.pl/tcpip/igmp/igmp_intro.htm

Indeed.  The only reason I put a block rule in for it here is to get rid
of the log entries, and the only reason it's a block rule is because
m0n0wall doesn't support multicasting.

On Sun, 12 Sep 2004, Timothy Jans wrote:

> Indeed, when I allow IGMP, they will still end up in my logs.
> Looks like when "implicit logging (default rule)" is enabled m0n0wall 
> ignores the non-log of the explicit rule.

I have a no-log rule for IGMP here, as well as logging enabled for the
default rule, and it works fine.  You must either have the rule wrong, or
have an earlier rule that matches the packets.

					Fred Wright