-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 El 2018-10-21 a las 15:31 -0700, Bruce Ferrell escribió:
On 10/21/18 2:38 PM, Carlos E. R. wrote:
On 21/10/2018 23.23, Carlos E. R. wrote:
On 21/10/2018 23.01, Bruce Ferrell wrote:
On 10/21/18 1:19 PM, Carlos E. R. wrote: ...
multicast traffic IS generally dropped by routers and should be kept INSIDE YOUR firewall, not passed out through it nor allowed in.
If you have a router emitting multicast traffic, it so so that it or some process on it can coordinate with other instances of it's own "kind" on the LAN the particular interface is connected to.
If you use tcpdump/wireshark on a network with OS X/Macs/Avahi/Windows Bonjour operating, you'll see a lot of these packets. Multicast packets are how the OS X network advertising protocol(s) work. I've also worked in places where multicast packets were used to coordinate bandwdth sharing between local instances of high bandwidth applications (I'm using/want to use X bandwidth), listening instances would themselves adjust and advertise to that. Ok, so how do I tell the openSUSE firewalld to allow those packages in? Other machines running Leap 42.3 and SuSEfirewal2 in the same network do not complain, and I use:
FW_IGNORE_FW_BROADCAST_EXT="no"
I'm running leap 15 so there is a module in yast for it.
I know. The laptop has 15.0.
If you still have the iptables cli available you could do something like:
iptables -A INPUT -s 224.0.0.0/8 -i <external interface name> -j ACCEPT
I tend to create separate "chains" for special purpose rule sets and add the chain to the beginning of the firewall rule set... It makes keeping track easier.
No, I want to do it in the official 15.0 YaST way. Using the yast module to configure the firewall, that is called firewalld. I mentioned 42.3 to say that the machines that run 42.3 in the same network do not complain, but the one that runs 15.0 complains and block those packets. I want to allow them in 15.0 - -- Cheers Carlos E. R. (from openSUSE 15.0 (Legolas)) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCW80Stxwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfV2WkAn0JyCp2LYiyib6mOkEH4 7eeJXifIAJ99qrWLUTGRQCIhe5wXfHJWw43lLw== =VAYS -----END PGP SIGNATURE-----