* Carlos E. R. <robin.listas@telefonica.net> [04-06-13 12:00]:
On Saturday, 2013-04-06 at 11:04 -0400, Patrick Shanahan wrote:
But on the surface this makes no sense as the origin/input is the router, 192.168.1.1, and the destination is 224.0.0.1
But what do I know ??? :^) *very* little
It is a multicast, so you get it even if it is not your address. I see some hits googling for "DST=224.0.0.1". For example, here <http://www.karakas-online.de/forum/viewtopic.php?t=11302> it says:
+++··································· Reason: You use one of those DSL router/firewall boxes that come with a DSL account (e.g. the Arcor Easy Box). The box sends multicast packets (the destination address 224.0.0.1 is a multicast address where all multicast-enabled devices are listening), practically asking for all multicast devices to report themselves. Especially Windows XP likes exchanging traffic from this address as it tries to get its IP autoconfiguration files (a kind of DHCP for IPv6).
Arrow Solution: If you use SuSEfirewall2, open /etc/sysconfig/scripts/SuSEfirewall2-custom and find the function fw_custom_before_antispoofing(). Add the line:
Code:
iptables -A INPUT -j ACCEPT -d 224.0.0.0/24
or
Code:
iptables -A INPUT -j DROP -d 224.0.0.0/24
before the (line with the) "true" statement, depending on whether you want to accept or drop them (but don't add any logging options). Since the above rule will take care of the multicast packets before anything else, they will accepted or dropped without being logged - and you will be happy! Very Happy ···································++-
<http://en.wikipedia.org/wiki/Internet_Group_Management_Protocol>
Seems reasonable.
Agreed. And I am now a Very Happy camper. And educated :^) As vulnerabilities are possibility, also read on other sites, I opted for DROP tks muck, -- (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 http://en.opensuse.org openSUSE Community Member Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org