On Monday, 22 October 2018 18:34:13 ACDT Carlos E. R. wrote:
On 22/10/2018 09.30, Per Jessen wrote:
Carlos E. R. wrote:
On 22/10/2018 08.35, Andrei Borzenkov wrote:
22.10.2018 8:46, Carlos E. R. wrote:
On 22/10/2018 04.28, Patrick Shanahan wrote:
from: https://www.centos.org/forums/viewtopic.php?t=60395
(following are one liners)
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m pkttype --pkt-type multicast -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -m pkttype --pkt-type multicast -j ACCEPT
Thanks, I'll try later.
but you could have done that yourself.
No, I could not. I did not, and still do not, know what to search for.
This link is among the first hits searching for "firewalld blocking multicast".
You have to know that it is "multicast".
The address says '224.x.x.x' - 224/4 is all multicast.
Well, yes, but that's something I know only while I'm reading about it, like now. It is not knowledge I have. I confess my ignorance on it. It is not something I thought about when I saw the log entries as something I could google about, so I thought of asking others ;-)
Still, the word "multicast" is not listed in the GUI administration tool to configure the firewalld, so the original question is still valid: how do I enable that traffic using the GUI firewalld administrative tool?
None of the google entries I have seen mention it. And the tool "help" menu is empty, only an "about" entry.
You need to allow IP traffic TO the multicast address. You need to know how multicast traffic works in relation to unicast and broadcast traffic.

Unicast traffic is one-to-one; broadcast traffic is one-to-all; multicast traffic is one-to-many.

Multicast group addresses are defined as the 224.0.0.0/4 subnet (that is, 224.0.0.0 to 239.255.255.255). Any traffic TO an address in that range is defined as multicast traffic. Multicast traffic always comes FROM a unicast address, TO the multicast group.

Devices that want to receive traffic sent to that group register with their local router using an IGMP join message (so you may also need to allow IGMP traffic to/through the firewall). The multicast traffic to the group address is then forwarded on all ports that have a receiver registered for that group. If there are no registered receivers for a group, the multicast traffic won't be forwarded.

Note that multicast group addresses in the 224.0.0.0/24 range are reserved or "well known" multicast addresses used by routing protocols etc. For example, OSPF uses 224.0.0.5 and 224.0.0.6, EIGRP uses 224.0.0.10, PIM uses 224.0.0.39 and 224.0.0.40.

HTH.
Rodney.

--
==============================================================
Rodney Baker VK5ZTV
rodney.baker@iinet.net.au
CCNA #CSCO12880208
==============================================================
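
The address ranges described in the reply above can be used to sort dropped-packet log entries by destination type before deciding which firewall rule is missing. This is an added example, not part of the original thread; it handles IPv4 only, and the log lines, the `FINAL_REJECT` prefix and the 192.168.1.0/24 local network are constructed sample values in the usual netfilter `SRC=`/`DST=`/`PROTO=` layout.

```python
import ipaddress
import re
from collections import Counter

MULTICAST = ipaddress.ip_network("224.0.0.0/4")    # all multicast groups
WELL_KNOWN = ipaddress.ip_network("224.0.0.0/24")  # reserved "well known" groups
FIELD = re.compile(r"\b(SRC|DST|PROTO)=(\S+)")

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.168.1.20 DST=224.0.0.251 LEN=73 PROTO=UDP SPT=5353 DPT=5353
kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.168.1.1 DST=224.0.0.1 LEN=32 PROTO=2
kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.168.1.30 DST=239.255.255.250 LEN=129 PROTO=UDP SPT=40000 DPT=1900
kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.168.1.40 DST=192.168.1.255 LEN=78 PROTO=UDP SPT=137 DPT=137
kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.5 LEN=60 PROTO=TCP SPT=51000 DPT=22
"""

def classify(dst, local_net=None):
    """Classify an IPv4 destination as unicast, broadcast or multicast."""
    addr = ipaddress.ip_address(dst)
    if addr.version != 4:
        raise ValueError("IPv4 only")
    if addr in WELL_KNOWN:          # check the narrower range first
        return "multicast-well-known"
    if addr in MULTICAST:
        return "multicast"
    if str(addr) == "255.255.255.255":
        return "broadcast"
    if local_net is not None and addr == local_net.broadcast_address:
        return "broadcast"
    return "unicast"

def summarize(log_text, local_net="192.168.1.0/24"):
    """Count dropped packets per destination type, plus IGMP packets."""
    net = ipaddress.ip_network(local_net)
    counts, igmp = Counter(), 0
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            counts[classify(fields["DST"], net)] += 1
        except (KeyError, ValueError):
            continue                # no DST field, IPv6 or malformed address
        if fields.get("PROTO") in ("2", "IGMP"):  # IP protocol 2 is IGMP
            igmp += 1
    return {"by_type": dict(counts), "igmp": igmp}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A non-zero multicast count points at the multicast accept rules quoted earlier in the thread; a non-zero `igmp` count means group membership traffic is being dropped as well.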