Re: [opensuse] 224.0.0.1 filling firewall logs
* Jan Ritzerfeld <suse@mailinglists.jan.ritzerfeld.org> [04-06-13 12:36]:
Am Samstag, 6. April 2013, 11:04:33 schrieb Patrick Shanahan:
for the last several days, my firewall logs have exploded with entries about 224.0.0.1 (about multi-cast ??) access from my router: [...] I have not made any changes to this server recently. Why am I suddenly seeing these entries, and what do to about it? [...]
They come from the IGMP proxy implementation of your router. Look at the PROTO=2 part in your logs and check /etc/protocols. If you do not need it, try editing /etc/sysconfig/SuSEfirewall2: FW_SERVICES_DROP_EXT="0/0,igmp"
Thanks, already added custom firewall rule, but also added the sysconfig rule. Will disable the custom firewall rule later to test and confirm. tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 http://en.opensuse.org openSUSE Community Member Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Patrick Shanahan <paka@opensuse.org> [04-06-13 12:50]:
* Jan Ritzerfeld <suse@mailinglists.jan.ritzerfeld.org> [04-06-13 12:36]:
Am Samstag, 6. April 2013, 11:04:33 schrieb Patrick Shanahan:
for the last several days, my firewall logs have exploded with entries about 224.0.0.1 (about multi-cast ??) access from my router: [...] I have not made any changes to this server recently. Why am I suddenly seeing these entries, and what do to about it? [...]
They come from the IGMP proxy implementation of your router. Look at the PROTO=2 part in your logs and check /etc/protocols. If you do not need it, try editing /etc/sysconfig/SuSEfirewall2: FW_SERVICES_DROP_EXT="0/0,igmp"
Thanks, already added custom firewall rule, but also added the sysconfig rule. Will disable the custom firewall rule later to test and confirm.
Promised test update. The FW_SERVICES_DROP_EXT="0/0,igmp" rule does not work on my system. I do see on my cisco router that I can "filter" multicast and am enabling that option atm. Will disable iptables rule and test. brb The router filter stops *only* 224.0.0.1 and not >=224.0.0.2. Appears the *only* workable solution is the iptables rule, iptables -A INPUT -j DROP -d 224.0.0.0/24 tks, -- (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 http://en.opensuse.org openSUSE Community Member Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (1)
-
Patrick Shanahan