 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IGMP is filling up my Firewall Logs
 Date:  Sun, 12 Sep 2004 15:53:28 -0700 (PDT)
On Mon, 13 Sep 2004, Timothy Jans wrote:

> Ok, I think I discovered a bug and solved my problem :)

Depends on what you mean by "bug". :-)

> This is what I get with no explicit rule :
> 23:46:19.930192 WAN  	IGMP
> 23:46:19.929921 WAN 	IGMP
> 23:46:19.929646 WAN 	IGMP
> 23:46:19.929361 WAN 	IGMP
> 23:46:19.929041 WAN 	IGMP
> 23:46:19.928769 WAN 	IGMP
> 23:46:19.928496 WAN 	IGMP
> 23:46:19.928239 WAN 	IGMP
> This is what I get with an explicit non-logging rule for IGMP :
> 23:50:29.966303 WAN  	IGMP
> 23:50:29.966047 WAN 	IGMP
> You can clearly see that the 81.x.x.x are not logged anymore.
> The others are probably logged because they are private IP ranges.
> When I now uncheck "block private networks" (Interfaces -> WAN) the
> firewall won't log any IGMP packet :)

That explains why I never had the problem - my only IGMP packets come
from my ISP's router.

If your "WAN" is in a context where private addresses are meaningful, then
the "block private networks" setting is clearly inappropriate.

If the private addresses are really in somebody else's private network,
then that seems like a bug in multicast routing, in which case the logging
is probably a "feature". :-) Note that IGMP packets are not supposed to be

The "block private networks" setting can always be accomplished with
explicit rules, in which case you can control the order.

					Fred Wright
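
The ordering effect discussed in this message, as an added example that is not part of the original post and is not m0n0wall's generated ruleset: a simplified first-match filter model showing why a non-logging IGMP rule has no effect on private-source packets when a built-in "block private networks" rule is evaluated first, and how placing an explicit equivalent after the IGMP rule changes what gets logged. The rule names, the first-match evaluation order, the RFC 1918 coverage and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: "block private networks" covers the RFC 1918 ranges.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in PRIVATE)

# Rule = (name, match predicate, action, log flag). First match wins
# (a modelling assumption, not a statement about m0n0wall internals).
BLOCK_PRIVATE = ("block-private", lambda p: is_private(p["src"]), "block", True)
IGMP_QUIET = ("igmp-no-log", lambda p: p["proto"] == "igmp", "block", False)
DEFAULT_DENY = ("default-deny", lambda p: True, "block", True)

def evaluate(ruleset, packet):
    """Return (rule name, action, logged?) for the first matching rule."""
    for name, match, action, log in ruleset:
        if match(packet):
            return name, action, log
    raise ValueError("ruleset has no catch-all rule")

def logged_sources(ruleset, packets):
    """Source addresses of the packets that would produce a log entry."""
    return [p["src"] for p in packets if evaluate(ruleset, p)[2]]

# Constructed sample traffic arriving on WAN (not taken from the thread).
PACKETS = [
    {"src": "203.0.113.7", "proto": "igmp"},    # public source
    {"src": "10.20.30.1", "proto": "igmp"},     # private source
    {"src": "192.168.100.1", "proto": "igmp"},  # private source
    {"src": "10.20.30.1", "proto": "tcp"},      # private, not IGMP
]

# 1. Built-in setting on, no explicit IGMP rule: everything is logged.
NO_EXPLICIT = [BLOCK_PRIVATE, DEFAULT_DENY]
# 2. Built-in setting evaluated before the user's non-logging IGMP rule.
IMPLICIT_FIRST = [BLOCK_PRIVATE, IGMP_QUIET, DEFAULT_DENY]
# 3. Setting unchecked and re-created as an explicit rule after the IGMP rule.
EXPLICIT_ORDERED = [IGMP_QUIET, BLOCK_PRIVATE, DEFAULT_DENY]

if __name__ == "__main__":
    for label, rs in (("no explicit rule", NO_EXPLICIT),
                      ("implicit block first", IMPLICIT_FIRST),
                      ("explicit, ordered", EXPLICIT_ORDERED)):
        print(f"{label:22} logged: {logged_sources(rs, PACKETS)}")
```

In the third ordering IGMP is dropped silently regardless of source, while other traffic from private sources is still blocked and logged.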