On 2018-06-21 15:11, Per Jessen wrote:
Carlos E. R. wrote:
on my small laptop freshly installed with Leap 15.0 I get messages about blocking what I think are multicast from my router and my printer:
2018-06-21T14:23:38.716460+02:00 Legolas kernel: [103133.028003] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:01:f8:8e:85:64:78:f2:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
protocol 2 is IGMP, so probably from your router.
Yes, 192.168.1.1 is the router.
2018-06-21T14:23:39.335490+02:00 Legolas kernel: [103133.646980] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:1e:0b:08:4c:cb:08:00 SRC=192.168.1.3 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=27960 PROTO=2
224.0.0.251 is used by mDNS, I believe. I think this might be your printer saying "I want to use mDNS", but I don't know IGMP very well.
Yes, could be that. The setting in SuSEfirewall2 is this:

    # Type: string(yes,no)
    #
    # Suppress logging of dropped broadcast packets. Useful if you don't allow
    # broadcasts on a LAN interface.
    #
    # This affects both broadcast and multicast packets for both IPv4 and IPv6
    #
    # This setting only affects packets that are not allowed according
    # to FW_ALLOW_FW_BROADCAST_*    <=====
    #
    # Format: either
    # - "yes" or "no"
    # - list of udp destination ports
    #
    # Examples: - "631 137" silently drop broadcast packets on port 631 and 137
    #           - "yes" do not log dropped broadcast packets
    #           - "no" log all dropped broadcast packets
    #
    #
    # defaults to "yes"
    FW_IGNORE_FW_BROADCAST_EXT=""

So they are simply not logged. The setting to allow bcast or not is this:

    #CER: allow samba broadcasts
    FW_ALLOW_FW_BROADCAST_EXT="netbios-ns netbios-dgm"

On my computers running 42.3 I don't see similar messages, but also I don't specifically open anything mentioning "224...".
Run a tcpdump, you'll see the same. Maybe the susefirewall opens for those by default?
I'm not familiar at all with the new firewalld, so I don't know what I should open. Or not.
What to open is a matter for you to decide :-) How to open - I guess that is covered in the firewalld gui ?
That GUI is quite difficult to understand. But I see a service named "mdns". I'll try.

[...]

Nope, no result.

-- 
Cheers / Saludos,
Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)
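
The two FINAL_REJECT lines quoted in this thread, decoded field by field, as an added example that is not part of the original messages: it splits the `MAC=` field into destination MAC, source MAC and EtherType, names the IP protocol and multicast group, and shows that neither packet carries a destination port. The function names and lookup tables are hypothetical; the protocol numbers and group addresses are the standard assignments.

```python
import ipaddress
import re

# Constructed sample input: the two kernel log lines quoted in the thread.
SAMPLE_LOG = """\
2018-06-21T14:23:38.716460+02:00 Legolas kernel: [103133.028003] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:01:f8:8e:85:64:78:f2:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
2018-06-21T14:23:39.335490+02:00 Legolas kernel: [103133.646980] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:1e:0b:08:4c:cb:08:00 SRC=192.168.1.3 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=27960 PROTO=2
"""

# netfilter logs TCP/UDP/ICMP by name and other protocols by IANA number.
PROTO_NAMES = {"1": "ICMP", "2": "IGMP", "6": "TCP", "17": "UDP"}
# Well-known link-local multicast groups (hypothetical lookup table).
GROUPS = {"224.0.0.1": "all-hosts", "224.0.0.22": "IGMPv3 reports",
          "224.0.0.251": "mDNS"}

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_reject(line):
    """Decode one FINAL_REJECT log line; return None for any other line."""
    _, found, rest = line.partition("FINAL_REJECT: ")
    if not found:
        return None
    f = dict(FIELD_RE.findall(rest))  # flags without '=' (e.g. DF) are skipped
    # MAC= is destination MAC (6 bytes), source MAC (6 bytes), EtherType (2).
    octets = f.get("MAC", "").split(":")
    return {
        "iface": f.get("IN"),
        "src": f["SRC"],
        "dst": f["DST"],
        "dst_mac": ":".join(octets[0:6]),
        "src_mac": ":".join(octets[6:12]),
        "ethertype": "".join(octets[12:14]),
        "proto": PROTO_NAMES.get(f["PROTO"], f["PROTO"]),
        "multicast": ipaddress.ip_address(f["DST"]).is_multicast,
        "group": GROUPS.get(f["DST"], "unknown"),
        "dport": f.get("DPT"),  # None: IGMP has no ports to match on
    }


def summarize(log_text):
    """Decode every FINAL_REJECT line in a block of log text."""
    return [r for r in map(parse_reject, log_text.splitlines()) if r]


if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print(f'{r["src"]} ({r["src_mac"]}) -> {r["dst"]} [{r["group"]}] '
              f'proto={r["proto"]} dport={r["dport"]}')
```

Both entries decode as IGMP with no `DPT` field, so a rule that matches on a UDP or TCP port does not apply to them.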