How to adjust Firewall Rules for Packets to Multicast Addresses

I have hundreds of Listings per Second with requests to Multicast Adresses with Protocol 2?

The packets are comprehensible but the log ist heavy to read, so i wanted to make a rule to supress loggings for that event. But all i tried did not work.

Hope, someone has an solution.

First a welcome at the community!

Did you try to switch off input logging in Firewall Options?

Hallo bbitsch,
thank’s for the fast answer.
Yes, that helps, but supresses all kinds of notifications for incoming packets.
I search for an option to define a Firewall Rule and turn off logging for this special kind of packets. I have done this with lots of other types of packets and it is running fine. But with Multicast Packets, i found no solution.
I try to create rules , which should target this kind of packets. (All/ All/ Dest / All). But nothing worked.
Sorry, I thougt, i’m not the first one who ran into this kind of problem and i only won’t see the forest for the trees.
Thank you anyway !


sorry for the tardy reply.

Yes, this would have been the way to go - I am surprised to hear it is not working for you.

Could you try changing the rule (one should be sufficient) this way:

  • Source network: RED
  • Destination network: (IP range reserved for multicast purposes)
  • Action: Drop

Thanks, and best regards,
Peter Müller

No problem, many thanks for trying to help !
I’m very suprised too about Firewall handling with Multicast Packets.
I create a new rule, but unfortunately no change

I’m having trouble with this too, I need to drop multicast from one host. I can’t for the life of me get this going.

Source Host:
Destination network:
Action: Drop
No drops shown in logs.

Tried this:
Source network: Any
Destination network:
Action: Drop
Drops all multicast and shown in logs. Works but not what I’m after.

Thats not exactly the same problem.
Which IPFire Version do you use ?
For which Interface do you try to change the settings ?

In my Version (X64 - 2.25 Core 158) all Changes in the Firewall Rules for logging for multicast Pakets (Proto 2) on Red are completely ignored !
No Chance to supress loggings in the Firewall Rules !

Yeah same version. I misunderstood, so your multicast is dropped but it always logs it? Mine doesnt drop and it doesn’t log.

That multicast address you’ve shown are IGMP membership queries, it would be produced by the IGMP Querier or snooping device on the network. It should send packets out every 180 seconds or somewhere near. You need to turn it down?

Hi all,

oh well, I completely overlooked the “DROP_INPUT” snippet in the screenshots provided. :expressionless:

May I ask you to edit the firewall rule once more, and set its destination to “firewall”, and then choose IPFire’s RED interface?

The reason for this is the underlying behaviour of iptables: Rules having the multicast range set as its destination are placed into the FORWARD chain. However, since IPFire interprets these as being incoming connections, they actually hit the INPUT chain. This is why the rule I proposed in the first place never triggered, and you folks continued to observe these log entries.

Sorry about this. Will have a cup of coffee first next time. :slight_smile:

Thanks, and best regards,
Peter Müller

Yes ,the packets are common IGMP queries.
and I hope, that the packets are dropped while the Drop_Input Message shown in log file. ( But i will try to test it shortly)

  1. Do you enable Log of discarded incoming packets in options ?
  2. on which interface ist your problem ? - I have this problem only with packets on the red Interface.

Thank you very much for trying to help :slight_smile:

Please don’t worry that it didn’t work the first time
I am grateful for every attempt to help.

Thank you for explaining the background of your Answer !.
It makes sense and I made this rule :

And yet it is sorted under incoming Firewall.

But unfortunately …

No Change of the Logging

Nevertheless thank you very much !

I did some new Tests and i find a curious solution after trying to change the action to Reject !
But this Behavior and the conditions are very strange and not very logical to me.

I successfully supress the logging under the following conditions :

only all, Firewall all or red
NOT Firewall red !!
NOT Firewall green

All or IGMP

Only Reject
NOT Drop !!

I have a solution, but if someone can explain this Behavior, i would be happy.
I will do some more tests and try to find more details

Thanks @ALL

1 Like

Your right, its weird, I am unable to use DROP, it must be REJECT. Still can’t use the multicast addresses, perhaps for reasons as mentioned above.

I’ve used
Source: Host IP
Destination: Any
Protocol: UDP
Source Port: 5353
Destination Port 5353
Action: REJECT

Its not specifically targeted at multicast, but it captures it through this one, and given its specific to source/destination ports, it shouldn’t drop other traffic hopefully.

sorry if i open agai this thread, but the solution doesn’t work for me

Good morning everyone
I put IPFire immediately behind my router (a Fritzbox 7590), from the firewall logs, however, I see that FritzBox continues to query IPFire to discover devices for the mesh network on IPs and

These attempts are logged by IPFire but I don’t care (only these of course), how can I create a firewall rule that drops the FritzBox connections to the aforementioned addresses and does not log them?

trying to better explain my request, my aim is to hide these annoying firewall log lines (see image) by inserting a rule on the firewall that drops the two communications (IGMP and UDP 53805) but at the same time does not log them

Hi @attilay2k

Using the search engine I have found this that may help you.



Hi @roberto

I think your link mentioned takes us back to the top of this thread.
I have also been trying forever to drop multicasts without adding log entry.
Turning off the logging via firewall options also disables logging of any actual dropped traffic. Would be nice in the firewall options to have option to simply drop multicasts without logging :slight_smile:


Hi @attilay2k

I had the same problem with my fritzbox. I was able to turn off log messages with @hobbybyte guidance (Thank you! :slight_smile: ). Unfortunately, the instructions weren’t very clear to me, so here’s a screenshot: