I have hundreds of Listings per Second with requests to Multicast Adresses with Protocol 2?
The packets are comprehensible but the log ist heavy to read, so i wanted to make a rule to supress loggings for that event. But all i tried did not work.
Hope, someone has an solution.
Thanks
First a welcome at the community!
Did you try to switch off input logging in Firewall Options?
Hallo bbitsch,
thank’s for the fast answer.
Yes, that helps, but supresses all kinds of notifications for incoming packets.
I search for an option to define a Firewall Rule and turn off logging for this special kind of packets. I have done this with lots of other types of packets and it is running fine. But with Multicast Packets, i found no solution.
I try to create rules , which should target this kind of packets. (All/ All/ Dest 224.0.0.1 / All). But nothing worked.
Sorry, I thougt, i’m not the first one who ran into this kind of problem and i only won’t see the forest for the trees.
Thank you anyway !
Hi,
sorry for the tardy reply.
Yes, this would have been the way to go - I am surprised to hear it is not working for you.
Could you try changing the rule (one should be sufficient) this way:
Thanks, and best regards,
Peter MĂĽller
No problem, many thanks for trying to help !
I’m very suprised too about Firewall handling with Multicast Packets.
I create a new rule, but unfortunately no change
I’m having trouble with this too, I need to drop multicast from one host. I can’t for the life of me get this going.
Tried:
Source Host: 192.168.10.7
Destination network: 224.0.0.251
Action: Drop
No drops shown in logs.
Tried this:
Source network: Any
Destination network: 224.0.0.251
Action: Drop
Drops all multicast and shown in logs. Works but not what I’m after.
@callifo
Thats not exactly the same problem.
Which IPFire Version do you use ?
For which Interface do you try to change the settings ?
In my Version (X64 - 2.25 Core 158) all Changes in the Firewall Rules for logging for multicast Pakets (Proto 2) on Red are completely ignored !
No Chance to supress loggings in the Firewall Rules !
Yeah same version. I misunderstood, so your multicast is dropped but it always logs it? Mine doesnt drop and it doesn’t log.
That multicast address you’ve shown are IGMP membership queries, it would be produced by the IGMP Querier or snooping device on the network. It should send packets out every 180 seconds or somewhere near. You need to turn it down?
Hi all,
oh well, I completely overlooked the “DROP_INPUT” snippet in the screenshots provided. 
May I ask you to edit the firewall rule once more, and set its destination to “firewall”, and then choose IPFire’s RED interface?
The reason for this is the underlying behaviour of iptables: Rules having the multicast range set as its destination are placed into the FORWARD chain. However, since IPFire interprets these as being incoming connections, they actually hit the INPUT chain. This is why the rule I proposed in the first place never triggered, and you folks continued to observe these log entries.
Sorry about this. Will have a cup of coffee first next time. 
Thanks, and best regards,
Peter MĂĽller
@callifo
Yes ,the packets are common IGMP queries.
and I hope, that the packets are dropped while the Drop_Input Message shown in log file. ( But i will try to test it shortly)
@pmueller
Thank you very much for trying to help
Please don’t worry that it didn’t work the first time
I am grateful for every attempt to help.
Thank you for explaining the background of your Answer !.
It makes sense and I made this rule :
And yet it is sorted under incoming Firewall.
But unfortunately …
No Change of the Logging
Nevertheless thank you very much !
@all
I did some new Tests and i find a curious solution after trying to change the action to Reject !
But this Behavior and the conditions are very strange and not very logical to me.
I successfully supress the logging under the following conditions :
Destination
only all, Firewall all or red
NOT Firewall red !!
NOT Firewall green
NOT 224.0.0.0/4
Protokoll
All or IGMP
Action
Only Reject
NOT Drop !!
I have a solution, but if someone can explain this Behavior, i would be happy.
I will do some more tests and try to find more details
Thanks @ALL
Your right, its weird, I am unable to use DROP, it must be REJECT. Still can’t use the multicast addresses, perhaps for reasons as mentioned above.
I’ve used
Source: Host IP
Destination: Any
Protocol: UDP
Source Port: 5353
Destination Port 5353
Action: REJECT
Its not specifically targeted at multicast 224.0.0.251, but it captures it through this one, and given its specific to source/destination ports, it shouldn’t drop other traffic hopefully.
Good morning everyone
I put IPFire immediately behind my router (a Fritzbox 7590), from the firewall logs, however, I see that FritzBox continues to query IPFire to discover devices for the mesh network on IPs 224.0.0.1 and 255.255.255.255
These attempts are logged by IPFire but I don’t care (only these of course), how can I create a firewall rule that drops the FritzBox connections to the aforementioned addresses and does not log them?
trying to better explain my request, my aim is to hide these annoying firewall log lines (see image) by inserting a rule on the firewall that drops the two communications (IGMP and UDP 53805) but at the same time does not log them
Hi @roberto
I think your link mentioned takes us back to the top of this thread.
I have also been trying forever to drop multicasts without adding log entry.
Turning off the logging via firewall options also disables logging of any actual dropped traffic. Would be nice in the firewall options to have option to simply drop multicasts without logging
Regards
Hi @attilay2k
I had the same problem with my fritzbox. I was able to turn off log messages with @hobbybyte guidance (Thank you! 
). Unfortunately, the instructions weren’t very clear to me, so here’s a screenshot:
