The packets are comprehensible but the log is hard to read, so I wanted to make a rule to suppress logging for that event. But all I tried did not work.
Hello bbitsch,
thanks for the fast answer.
Yes, that helps, but it suppresses all kinds of notifications for incoming packets.
I am searching for an option to define a firewall rule and turn off logging for this special kind of packet. I have done this with lots of other types of packets and it is running fine. But with multicast packets, I found no solution.
I tried to create rules which should target this kind of packet (All / All / Dest 224.0.0.1 / All). But nothing worked.
Sorry, I thought I'm not the first one who ran into this kind of problem and I just can't see the forest for the trees.
Thank you anyway !
No problem, many thanks for trying to help!
I'm very surprised too about the firewall handling of multicast packets.
I created a new rule, but unfortunately no change.
@callifo
That's not exactly the same problem.
Which IPFire version do you use?
For which interface do you try to change the settings?
In my version (x64, 2.25 Core 158) all changes in the firewall rules for logging of multicast packets (proto 2) on RED are completely ignored! No chance to suppress logging in the firewall rules!
Yeah, same version. I misunderstood, so your multicast is dropped but it always logs it? Mine doesn't drop and it doesn't log.
The multicast packets you've shown are IGMP membership queries; they would be produced by the IGMP querier or a snooping device on the network. It should send packets out every 180 seconds or thereabouts. Do you need to turn it down?
Oh well, I completely overlooked the "DROP_INPUT" snippet in the screenshots provided.
May I ask you to edit the firewall rule once more, and set its destination to “firewall”, and then choose IPFire’s RED interface?
The reason for this is the underlying behaviour of iptables: Rules having the multicast range set as its destination are placed into the FORWARD chain. However, since IPFire interprets these as being incoming connections, they actually hit the INPUT chain. This is why the rule I proposed in the first place never triggered, and you folks continued to observe these log entries.
Sorry about this. Will have a cup of coffee first next time.
@callifo
Yes, the packets are common IGMP queries.
And I hope that the packets are dropped when the DROP_INPUT message is shown in the log file. (But I will try to test it shortly.)
Do you have "Log of discarded incoming packets" enabled in the options?
On which interface is your problem? I have this problem only with packets on the red interface.
@all
I did some new tests and I found a curious solution after trying to change the action to Reject!
But this behaviour and the conditions are very strange and not very logical to me.
I successfully suppress the logging under the following conditions:
Destination:
    only All, Firewall All or Red
    NOT Firewall Red!!
    NOT Firewall Green
    NOT 224.0.0.0/4
Protocol:
    All or IGMP
Action:
    only Reject
    NOT Drop!!
I have a solution, but if someone can explain this behaviour, I would be happy.
I will do some more tests and try to find more details.
You're right, it's weird. I am unable to use DROP, it must be REJECT. Still can't use the multicast addresses, perhaps for the reasons mentioned above.
I've used:
    Source: Host IP
    Destination: Any
    Protocol: UDP
    Source Port: 5353
    Destination Port: 5353
    Action: REJECT
It's not specifically targeted at multicast 224.0.0.251, but it captures it through this one, and given it's specific to source/destination ports, it hopefully shouldn't drop other traffic.
Good morning everyone
I put IPFire immediately behind my router (a Fritzbox 7590); from the firewall logs, however, I see that the FritzBox continues to query IPFire to discover devices for the mesh network on the IPs 224.0.0.1 and 255.255.255.255.
These attempts are logged by IPFire but I don't care about them (only these, of course). How can I create a firewall rule that drops the FritzBox connections to the aforementioned addresses and does not log them?
Trying to better explain my request: my aim is to hide these annoying firewall log lines (see image) by inserting a rule on the firewall that drops the two communications (IGMP and UDP 53805) but at the same time does not log them.
I think your link mentioned takes us back to the top of this thread.
I have also been trying forever to drop multicasts without adding log entry.
Turning off the logging via the firewall options also disables logging of any actual dropped traffic. It would be nice to have an option in the firewall options to simply drop multicasts without logging.
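Added example, not from this thread or from IPFire itself: instead of switching the global log option off (which, as noted above, also hides real drops), a small Python filter that reads IPFire's DROP_INPUT log lines, counts the IGMP membership-query drops on RED and leaves every other dropped packet for review. The log lines, addresses, MACs and the interface name red0 are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of the iptables LOG lines IPFire writes (prefix DROP_INPUT);
# timestamps, addresses and MACs are illustrative, not taken from the thread.
SAMPLE_LOG = """\
Jan 12 10:00:01 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:aa:bb:cc:dd:ee:ff:08:00 SRC=192.0.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jan 12 10:00:02 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=ff:ff:ff:ff:ff:ff:aa:bb:cc:dd:ee:ff:08:00 SRC=192.0.2.1 DST=255.255.255.255 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53805 DPT=53805 LEN=44
Jan 12 10:00:03 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=00:11:22:33:44:55:aa:bb:cc:dd:ee:ff:08:00 SRC=198.51.100.7 DST=192.0.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=41234 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 12 10:03:01 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:aa:bb:cc:dd:ee:ff:08:00 SRC=192.0.2.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
"""

PREFIX_RE = re.compile(r"kernel: (\w+) ")  # the LOG --log-prefix, e.g. DROP_INPUT
FIELD_RE = re.compile(r"(\w+)=(\S*)")       # KEY=value pairs; bare flags (DF, SYN) are skipped

def parse_line(line):
    """Return a dict of the KEY=value fields plus the chain prefix, or None if not a firewall log line."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group(1)}
    rec.update(FIELD_RE.findall(line[m.end():]))  # a repeated key (LEN) keeps its last value
    return rec

def is_igmp_query_noise(rec, wan_if="red0"):
    """True for what the thread describes: IGMP (proto 2) dropped on RED with a multicast destination."""
    if rec.get("chain") != "DROP_INPUT" or rec.get("IN") != wan_if:
        return False
    try:
        dst = ipaddress.ip_address(rec.get("DST", ""))
    except ValueError:
        return False
    return rec.get("PROTO") == "2" and dst.is_multicast

def triage(log_text, wan_if="red0"):
    """Split the log into (noise, keep): noise is a Counter by (src, dst), keep is every other record."""
    noise = Counter()
    keep = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_igmp_query_noise(rec, wan_if):
            noise[(rec["SRC"], rec["DST"])] += 1
        else:
            keep.append(rec)
    return noise, keep

if __name__ == "__main__":
    noise, keep = triage(SAMPLE_LOG)
    for (src, dst), n in noise.items():
        print(f"suppressed {n} IGMP queries {src} -> {dst}")
    for rec in keep:
        print("review:", rec["chain"], rec["SRC"], "->", rec["DST"], rec.get("PROTO"), rec.get("DPT", ""))
```

Run it against `/var/log/messages` (or a filtered copy) to keep the global log option on while still seeing only the non-IGMP drops; the broadcast UDP 53805 line stays in the review list because it is not an IGMP query.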
I had the same problem with my Fritzbox. I was able to turn off the log messages with @hobbybyte's guidance (thank you!). Unfortunately, the instructions weren't very clear to me, so here's a screenshot: