On 21/10/2018 23.01, Bruce Ferrell wrote:
On 10/21/18 1:19 PM, Carlos E. R. wrote:
Hi,
I get these messages in the firewall log:
<0.4> 2018-10-21 22:16:14 Legolas kernel - - - [ 5112.933551] FINAL_REJECT: IN=wlan1 OUT= MAC=01:00:5e:00:00:01:f8:8e:85:64:78:f2:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
<0.4> 2018-10-21 22:16:29 Legolas kernel - - - [ 5128.151646] FINAL_REJECT: IN=wlan1 OUT= MAC=01:00:5e:00:00:01:f8:8e:85:64:78:f2:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
<0.4> 2018-10-21 22:16:44 Legolas kernel - - - [ 5143.203427] FINAL_REJECT: IN=wlan1 OUT= MAC=01:00:5e:00:00:01:f8:8e:85:64:78:f2:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
I understand it is a broadcast from the router, probably trying to find information about the local network. How do I tell the firewalld to accept them? I have no idea.
Any IP address that has 224 as its first octet is called multicast, not broadcast.
Although it may seem to be the same thing, it's important to understand the difference.
At one time, long ago, there was an experimental internet backbone called "The Mbone"... See this Wikipedia entry:
https://en.wikipedia.org/wiki/Mbone
Multicast traffic IS generally dropped by routers and should be kept INSIDE YOUR firewall, not passed out through it nor allowed in.
If you have a router emitting multicast traffic, it is so that it or some process on it can coordinate with other instances of its own "kind" on the LAN the particular interface is connected to.
If you use tcpdump/wireshark on a network with OS X/Macs/Avahi/Windows Bonjour operating, you'll see a lot of these packets. Multicast packets are how the OS X network advertising protocol(s) work. I've also worked in places where multicast packets were used to coordinate bandwidth sharing between local instances of high bandwidth applications (I'm using/want to use X bandwidth), listening instances would themselves adjust and advertise to that.
Ok, so how do I tell the openSUSE firewalld to allow those packages in?

--
Cheers / Saludos,
Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)
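
Added example, not part of the original thread: a small Python triage helper that decodes a FINAL_REJECT line like the ones quoted above and shows why the packet is multicast rather than broadcast (destination in 224.0.0.0/4, destination MAC derived from the group address) and that PROTO=2 is IGMP. The function names are this example's own, and the sample line is copied from the log excerpt in the message.

```python
import ipaddress
import re

# Constructed sample: one of the FINAL_REJECT lines quoted in the thread.
SAMPLE = ("<0.4> 2018-10-21 22:16:14 Legolas kernel - - - [ 5112.933551] FINAL_REJECT: "
          "IN=wlan1 OUT= MAC=01:00:5e:00:00:01:f8:8e:85:64:78:f2:08:00 SRC=192.168.1.1 "
          "DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2")

# The kernel log prints a number for protocols it does not name; IP protocol 2 is IGMP.
PROTO_NAMES = {"2": "IGMP"}


def parse_fields(line):
    """Return the KEY=VALUE pairs of a netfilter LOG line as a dict."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", line))


def split_mac(mac_field):
    """MAC= holds dst MAC (6 bytes), src MAC (6 bytes), then EtherType (2 bytes)."""
    b = mac_field.split(":")
    return ":".join(b[:6]), ":".join(b[6:12]), "".join(b[12:14])


def multicast_mac(ip):
    """Ethernet address of an IPv4 group: 01:00:5e + low 23 bits of the IP (RFC 1112)."""
    low23 = int(ip) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def classify(line):
    """Summarise one rejected packet: interface, addresses, kind and protocol."""
    f = parse_fields(line)
    dst = ipaddress.IPv4Address(f["DST"])
    dst_mac, _src_mac, _ethertype = split_mac(f["MAC"])
    if dst_mac == "ff:ff:ff:ff:ff:ff" or f["DST"] == "255.255.255.255":
        kind = "broadcast"
    elif dst.is_multicast:          # anything in 224.0.0.0/4
        kind = "multicast"
    else:
        kind = "unicast"
    return {
        "iface": f["IN"], "src": f["SRC"], "dst": f["DST"], "kind": kind,
        "proto": PROTO_NAMES.get(f["PROTO"], f["PROTO"]),
        # 224.0.0.0/24 is link-local multicast, never forwarded off the LAN
        "link_local_group": dst in ipaddress.ip_network("224.0.0.0/24"),
        "mac_matches_group": kind == "multicast" and dst_mac == multicast_mac(dst),
    }


if __name__ == "__main__":
    print(classify(SAMPLE))
```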