On 10/21/18 2:38 PM, Carlos E. R. wrote:
On 21/10/2018 23.23, Carlos E. R. wrote:
On 21/10/2018 23.01, Bruce Ferrell wrote:
On 10/21/18 1:19 PM, Carlos E. R. wrote: ...
Multicast traffic IS generally dropped by routers and should be kept INSIDE YOUR firewall, not passed out through it nor allowed in.

If you have a router emitting multicast traffic, it is so that it or some process on it can coordinate with other instances of its own "kind" on the LAN the particular interface is connected to.

If you use tcpdump/wireshark on a network with OS X/Macs/Avahi/Windows Bonjour operating, you'll see a lot of these packets. Multicast packets are how the OS X network advertising protocol(s) work. I've also worked in places where multicast packets were used to coordinate bandwidth sharing between local instances of high bandwidth applications (I'm using/want to use X bandwidth), listening instances would themselves adjust and advertise to that.

Ok, so how do I tell the openSUSE firewalld to allow those packages in? Other machines running Leap 42.3 and SuSEfirewall2 in the same network do not complain, and I use:

FW_IGNORE_FW_BROADCAST_EXT="no"

I'm running Leap 15 so there is a module in YaST for it.

If you still have the iptables CLI available you could do something like:

    iptables -A INPUT -d 224.0.0.0/8 -i <external interface name> -j ACCEPT

I tend to create separate "chains" for special purpose rule sets and add the chain to the beginning of the firewall rule set... It makes keeping track easier.
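
The separate-chain approach described in the reply above, as an added example that is not part of the original thread. It matches on destination address, since a multicast group address appears as a packet's destination, admits only mDNS (224.0.0.251, UDP 5353, the Avahi/Bonjour traffic mentioned earlier) and rate-limit logs any other multicast so it can be reviewed before being allowed. Assumptions: the chain name MCAST_IN and the helper names are hypothetical, and the rules are applied with plain iptables rather than managed by firewalld, which would replace them on reload.

```shell
#!/bin/sh
# Added example: print the iptables commands for a dedicated multicast chain
# hooked at the top of INPUT. Nothing is applied until the output is run as root.

# valid_iface NAME: succeed only for a plausible Linux interface name
# (letters, digits, '_', '.', '-'; at most 15 characters).
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# mcast_chain_rules IFACE [CHAIN]
# CHAIN defaults to MCAST_IN (a name assumed for this example).
mcast_chain_rules() {
    iface=$1
    chain=${2:-MCAST_IN}
    valid_iface "$iface" || { echo "bad interface name: $iface" >&2; return 1; }
    # 1. create the chain, or flush it if it already exists (safe to re-run)
    # 2. accept mDNS only
    # 3. log whatever other multicast arrives, rate limited; the packet then
    #    falls back to INPUT and meets the normal policy
    # 4. hook the chain at position 1 of INPUT, once, for multicast destinations
    cat <<EOF
iptables -N $chain 2>/dev/null || iptables -F $chain
iptables -A $chain -d 224.0.0.251 -p udp --dport 5353 -j ACCEPT
iptables -A $chain -m limit --limit 6/min -j LOG --log-prefix "mcast-other: "
iptables -C INPUT -i $iface -d 224.0.0.0/4 -j $chain 2>/dev/null || iptables -I INPUT 1 -i $iface -d 224.0.0.0/4 -j $chain
EOF
}

# Usage (as root, after reading the output):  mcast_chain_rules eth0 | sh
```

Only the single ACCEPT line widens what the firewall lets in; the log prefix shows which other groups are active on the LAN before any further rule is added.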