On Saturday, 2013-04-06 at 11:04 -0400, Patrick Shanahan wrote:
> But on the surface this makes no sense as the origin/input is the router, 192.168.1.1, and the destination is 224.0.0.1.
> But what do I know ??? :^) *very* little
It is a multicast, so you get it even if it is not your address.

I see some hits googling for "DST=224.0.0.1". For example, here

<http://www.karakas-online.de/forum/viewtopic.php?t=11302>

it says:

+++···································
Reason: You use one of those DSL router/firewall boxes that come with a DSL account (e.g. the Arcor Easy Box). The box sends multicast packets (the destination address 224.0.0.1 is a multicast address where all multicast-enabled devices are listening), practically asking for all multicast devices to report themselves. Especially Windows XP likes exchanging traffic from this address as it tries to get its IP autoconfiguration files (a kind of DHCP for IPv6).

Solution: If you use SuSEfirewall2, open /etc/sysconfig/scripts/SuSEfirewall2-custom and find the function fw_custom_before_antispoofing(). Add the line:

Code:
iptables -A INPUT -j ACCEPT -d 224.0.0.0/24

or

Code:
iptables -A INPUT -j DROP -d 224.0.0.0/24

before the (line with the) "true" statement, depending on whether you want to accept or drop them (but don't add any logging options). Since the above rule will take care of the multicast packets before anything else, they will be accepted or dropped without being logged - and you will be happy!
···································++-

<http://en.wikipedia.org/wiki/Internet_Group_Management_Protocol>

Seems reasonable.

-- 
Cheers,
       Carlos E. R.
       (from 12.1 x86_64 "Asparagus" at Telcontar)
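
Added example, not part of the original thread: a small triage script that sorts firewall log entries like the one discussed above by destination, so router IGMP queries to 224.0.0.1 can be told apart from other dropped traffic before deciding on an ACCEPT or DROP rule for 224.0.0.0/24. The log lines are constructed samples that assume the usual netfilter LOG field layout (SRC=, DST=, PROTO=, with IGMP logged as PROTO=2); the function names are hypothetical.

```python
import ipaddress
import re

# 224.0.0.0/24 is the local network control block (never forwarded off-link);
# 224.0.0.1 inside it is the all-hosts group that IGMP general queries target.
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")
ALL_HOSTS = ipaddress.ip_address("224.0.0.1")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty

def classify(line):
    """Return (src, dst, verdict) for one log line, or None if it has no usable SRC/DST."""
    fields = dict(FIELD.findall(line))
    try:
        src = fields["SRC"]
        dst = ipaddress.ip_address(fields["DST"])
    except (KeyError, ValueError):
        return None
    if dst == ALL_HOSTS and fields.get("PROTO") == "2":
        verdict = "igmp-query-all-hosts"      # the case from this thread
    elif dst in LOCAL_CONTROL:
        verdict = "local-control-multicast"   # also covered by -d 224.0.0.0/24
    elif dst.is_multicast:
        verdict = "other-multicast"           # NOT covered by -d 224.0.0.0/24
    else:
        verdict = "not-multicast"             # keep logging these
    return src, str(dst), verdict

def summarize(lines):
    """Count verdicts over many log lines, skipping lines that do not parse."""
    counts = {}
    for line in lines:
        result = classify(line)
        if result:
            counts[result[2]] = counts.get(result[2], 0) + 1
    return counts

# Constructed sample log lines (not taken from the thread).
SAMPLE = [
    "kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TTL=1 PROTO=2",
    "kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.168.1.7 DST=224.0.0.251 PROTO=UDP SPT=5353 DPT=5353",
    "kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.168.1.7 DST=239.255.255.250 PROTO=UDP DPT=1900",
    "kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.20 PROTO=TCP DPT=23",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
    print(summarize(SAMPLE))
```

Only the first two verdicts correspond to traffic the quoted 224.0.0.0/24 rule would silence; anything classified as not-multicast should stay in the log.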