[opensuse] firewalld: how to allow these?
Hi,

on my small laptop freshly installed with Leap 15.0 I get messages about blocking what I think are multicast from my router and my printer:

2018-06-21T14:23:38.716460+02:00 Legolas kernel: [103133.028003] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:01:f8:8e:85:64:78:f2:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
2018-06-21T14:23:39.335490+02:00 Legolas kernel: [103133.646980] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:1e:0b:08:4c:cb:08:00 SRC=192.168.1.3 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=27960 PROTO=2
2018-06-21T14:23:53.727071+02:00 Legolas kernel: [103148.037439] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:01:f8:8e:85:64:78:f2:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
2018-06-21T14:23:54.618662+02:00 Legolas kernel: [103148.928963] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:1e:0b:08:4c:cb:08:00 SRC=192.168.1.3 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=27962 PROTO=2
2018-06-21T14:24:08.737467+02:00 Legolas kernel: [103163.046676] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:01:f8:8e:85:64:78:f2:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
2018-06-21T14:24:09.560495+02:00 Legolas kernel: [103163.869636] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:1e:0b:08:4c:cb:08:00 SRC=192.168.1.3 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=27964 PROTO=2

192.168.1.1 is the router, and 192.168.1.3 is the HP printer.

On my computers running 42.3 I don't see similar messages, but also I don't specifically open anything mentioning "224...".

I'm not familiar at all with the new firewalld, so I don't know what I should open. Or not.

--
Cheers
Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
> on my small laptop freshly installed with Leap 15.0 I get messages about blocking what I think are multicast from my router and my printer:
>
> 2018-06-21T14:23:38.716460+02:00 Legolas kernel: [103133.028003] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:01:f8:8e:85:64:78:f2:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
protocol 2 is IGMP, so probably from your router.
> 2018-06-21T14:23:39.335490+02:00 Legolas kernel: [103133.646980] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:1e:0b:08:4c:cb:08:00 SRC=192.168.1.3 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=27960 PROTO=2
224.0.0.251 is used by mDNS, I believe. I think this might be your printer saying "I want to use mDNS", but I don't know IGMP very well.
> On my computers running 42.3 I don't see similar messages, but also I don't specifically open anything mentioning "224...".
Run a tcpdump, you'll see the same. Maybe the susefirewall opens for those by default?
> I'm not familiar at all with the new firewalld, so I don't know what I should open. Or not.
What to open is a matter for you to decide :-) How to open - I guess that is covered in the firewalld gui?

--
Per Jessen, Zürich (26.6°C)
http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland.
On 2018-06-21 15:11, Per Jessen wrote:
> Carlos E. R. wrote:
>> on my small laptop freshly installed with Leap 15.0 I get messages about blocking what I think are multicast from my router and my printer:
>>
>> 2018-06-21T14:23:38.716460+02:00 Legolas kernel: [103133.028003] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:01:f8:8e:85:64:78:f2:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
>
> protocol 2 is IGMP, so probably from your router.
Yes, 192.168.1.1 is the router.
>> 2018-06-21T14:23:39.335490+02:00 Legolas kernel: [103133.646980] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:1e:0b:08:4c:cb:08:00 SRC=192.168.1.3 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=27960 PROTO=2
>
> 224.0.0.251 is used by mDNS, I believe. I think this might be your printer saying "I want to use mDNS", but I don't know IGMP very well.
Yes, could be that. The setting in SuSEfirewall2 is this:

# Type: string(yes,no)
#
# Suppress logging of dropped broadcast packets. Useful if you don't allow
# broadcasts on a LAN interface.
#
# This affects both broadcast and multicast packets for both IPv4 and IPv6
#
# This setting only affects packets that are not allowed according
# to FW_ALLOW_FW_BROADCAST_*     <=====
#
# Format: either
# - "yes" or "no"
# - list of udp destination ports
#
# Examples: - "631 137" silently drop broadcast packets on port 631 and 137
#           - "yes" do not log dropped broadcast packets
#           - "no" log all dropped broadcast packets
#
#
# defaults to "yes"
FW_IGNORE_FW_BROADCAST_EXT=""

So they are simply not logged. The setting to allow bcast or not is this:

#CER: allow samba broadcasts
FW_ALLOW_FW_BROADCAST_EXT="netbios-ns netbios-dgm"
>> On my computers running 42.3 I don't see similar messages, but also I don't specifically open anything mentioning "224...".
>
> Run a tcpdump, you'll see the same. Maybe the susefirewall opens for those by default?
>
>> I'm not familiar at all with the new firewalld, so I don't know what I should open. Or not.
>
> What to open is a matter for you to decide :-) How to open - I guess that is covered in the firewalld gui ?
That GUI is quite difficult to understand. But I see a service named "mdns". I'll try.

[...]

Nope, no result.

--
Cheers / Saludos,

Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)
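
Added example (not written by either participant in this thread): a small Python triage of the FINAL_REJECT lines quoted above, which splits netfilter's MAC= field and names the protocol and multicast group, showing that the rejected packets are IGMP (PROTO=2) with no DPT= field. The function names and the two-line sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: two of the FINAL_REJECT lines quoted in the thread.
SAMPLE_LOG = """\
2018-06-21T14:23:38.716460+02:00 Legolas kernel: [103133.028003] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:01:f8:8e:85:64:78:f2:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
2018-06-21T14:23:39.335490+02:00 Legolas kernel: [103133.646980] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:1e:0b:08:4c:cb:08:00 SRC=192.168.1.3 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=27960 PROTO=2
"""

# The kernel logs TCP/UDP/ICMP by name; other protocols appear as numbers.
PROTO_NAMES = {"2": "IGMP"}
# Well-known IPv4 link-local multicast groups (IANA assignments).
GROUPS = {"224.0.0.1": "all-hosts", "224.0.0.251": "mDNS"}

def parse_reject(line):
    """Return a dict of fields from one netfilter LOG line, or None."""
    m = re.search(r"\b(\w+): (IN=.*)$", line)
    if not m:
        return None
    rec = {"prefix": m.group(1)}
    for tok in m.group(2).split():
        key, sep, val = tok.partition("=")
        rec[key] = val if sep else True          # bare flags such as DF
    # MAC= is destination (6 bytes) + source (6 bytes) + ethertype (2 bytes).
    mac = rec.get("MAC", "").split(":")
    if len(mac) == 14:
        rec["dst_mac"] = ":".join(mac[:6])
        rec["src_mac"] = ":".join(mac[6:12])
        rec["ethertype"] = "".join(mac[12:])
    proto = rec.get("PROTO", "")
    rec["proto_name"] = PROTO_NAMES.get(proto, proto)
    rec["group"] = GROUPS.get(rec.get("DST"), "")
    # A port-based rule can only match packets that carry a destination port.
    rec["has_ports"] = "DPT" in rec
    return rec

def summarize(log_text):
    """Count rejected packets per (source, destination, protocol)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_reject(line)
        if rec:
            counts[(rec.get("SRC"), rec.get("DST"), rec["proto_name"])] += 1
    return counts

if __name__ == "__main__":
    for (src, dst, proto), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  {src} -> {dst} ({GROUPS.get(dst, '?')})  {proto}")
```

Since these entries carry no port, a rule that opens a UDP port would not match them; that the firewalld "mdns" service is defined on UDP port 5353 is an assumption about the stock service file, not something stated in the thread.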