Hi, I get these messages in the firewall log, using firewalld: 2022-04-20T22:18:58.849017+02:00 Elesar kernel: [13052.961056] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:01:b0:a7:b9:ae:05:3c:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2 They come from the router. proto=2 means IGMP. What do I have to do, using the firewall-config application, to allow those packages? Would it be to add protocol "igmp" in the protocol tab? It seems to work, but I don't know if that is the correct method. -- Cheers / Saludos, Carlos E. R. (from Elesar, using openSUSE Leap 15.3)
On Wed, 2022-04-20 at 22:31 +0200, Carlos E. R. wrote:
Hi,
I get these messages in the firewall log, using firewalld:
2022-04-20T22:18:58.849017+02:00 Elesar kernel: [13052.961056] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:01:b0:a7:b9:ae:05:3c:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
They come from the router. proto=2 means IGMP.
What do I have to do, using the firewall-config application, to allow those packages?
Would it be to add protocol "igmp" in the protocol tab? It seems to work, but I don't know if that is the correct method.
I generally use firewall-cmd and rich-rules, but it seems like 'firewall-config' is basically a GUI frontend to that. I used to make varied use of 'firewall-config' in my Red Hat support days, but since switching to Arch, then to SUSE I just add rich-rules when I need them. I have this rule [1] on 2 hosts which make use of PyChromecast via 'catt' so I can send video from a desktop or Raspberry Pi 4 to chromecast devices: [1]: rule family="ipv4" destination address="224.0.0.0/24" protocol value="udp" accept This allows 'catt scan' to find the devices and stream to them. Back with Arch, I have this entry [2] saved as a historical reference (since I'm 100% SUSE now-a-days) - but I've not needed it and things work as they did when my desktop and rpi4 were both Arch: [2]: firewall-cmd --permanent --add-rich-rule='rule family=ipv4 protocol value=igmp accept' Hope that's somewhat useful, or that someone else can give you more pertinent info. -- ~ Scott Bradnick |- Windows Subsystem for Linux (WSL) Developer |-- Tumbleweed: |--- Dell Precision 5540 [NVIDIA Quadro T1000] (x86_64) |--- O-DROID H2+ [UHD Graphics 600] (x86_64) |--- 2x Raspberry Pi 4 Model B Rev 1.2 (aarch64) |--- WinBook TW100 (x86_64) https://keys.openpgp.org/ :: DBC5AA9A2D2BAEBC
participants (2)
-
Carlos E. R.
-
Scott Bradnick