Have recently configured gufw/ufw on a couple of my boxes and am spotting a couple of annoying entries in the logs which are "cluttering" up my logcheck emails.
Example entries are shown below
Jan 18 17:55:36 hostname kernel: [19261.444171] [UFW BLOCK] IN=enp5s0 OUT= MAC= SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=55096 PROTO=2
Jan 18 17:56:44 hostname kernel: [19329.364672] [UFW BLOCK] IN=enp5s0 OUT= MAC= SRC=192.168.0.1 DST=224.0.0.251 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3994 PROTO=2
The source is my router, and the destination shows these are multicast addresses, which I believe are IGMP packets (224.0.0.1) and bonjour/mDNS/Avahi (224.0.0.251). My router is a Virgin Cable router so the configuration options on there are not the best. I don't believe I have an issue with the packets being blocked, but at first I tried to allow them from gufw, specifying them as UDP from my router, targeting the two multicast addresses.
Have also tried adding rules via ufw to allow this traffic, but am still seeing the entries in the log.
sudo ufw allow in proto udp to 224.0.0.1 from 192.168.0.1
I've seen some references on the web about adding entries to the ufw rules in /etc to support IGMP.
Anyone got an idea on how to fix? I don't mind allowing the traffic through, or denying it from config, as long as the entries don't appear in the logs!
Cheers
Enoch
Last edited by EnochRoot (2017-01-19 09:26:49)
Fixed my issue by simply adding rules to deny (without logging) all traffic from my router to the two multicast addresses in question. I'd previously tried this, but had been specifying UDP, which somehow stopped it from working, possibly because the protocol was IGMP.
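Added example, not part of the original posts: a short Python check of why the `proto udp` rule never matched. Both log lines carry `PROTO=2`, which is IANA protocol number 2 (IGMP), so only a protocol-agnostic rule covers them. The `rule_matches` model and the rule dictionaries are simplified assumptions (addresses and protocol only), not ufw's own code.

```python
import ipaddress
import re

# The kernel log prints TCP/UDP/ICMP by name and other protocols by number.
PROTO_NAMES = {"1": "icmp", "2": "igmp", "6": "tcp", "17": "udp"}

# The two log lines quoted in the first post.
SAMPLE_LOG = """\
Jan 18 17:55:36 hostname kernel: [19261.444171] [UFW BLOCK] IN=enp5s0 OUT= MAC= SRC=192.168.0.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=55096 PROTO=2
Jan 18 17:56:44 hostname kernel: [19329.364672] [UFW BLOCK] IN=enp5s0 OUT= MAC= SRC=192.168.0.1 DST=224.0.0.251 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3994 PROTO=2
"""

def parse_ufw_line(line):
    """Return the KEY=VALUE fields of a [UFW BLOCK] line, or None."""
    if "[UFW BLOCK]" not in line:
        return None
    fields = dict(re.findall(r"(\w+)=(\S*)", line.split("[UFW BLOCK]", 1)[1]))
    proto = fields.get("PROTO", "")
    fields["proto_name"] = PROTO_NAMES.get(proto, proto.lower())
    return fields

def rule_matches(rule, pkt):
    """Simplified from/to/proto rule match (assumption: no ports, no interface)."""
    if rule["proto"] != "any" and rule["proto"] != pkt["proto_name"]:
        return False
    src_ok = ipaddress.ip_address(pkt["SRC"]) in ipaddress.ip_network(rule["src"])
    dst_ok = ipaddress.ip_address(pkt["DST"]) in ipaddress.ip_network(rule["dst"])
    return src_ok and dst_ok

# Rule as first tried in the thread: restricted to UDP.
UDP_RULE = {"proto": "udp", "src": "192.168.0.1", "dst": "224.0.0.1"}
# Rules as in the fix: any protocol, router to each multicast group.
ANY_RULES = [{"proto": "any", "src": "192.168.0.1", "dst": d}
             for d in ("224.0.0.1", "224.0.0.251")]

def still_logged(rules, log_text=SAMPLE_LOG):
    """Packets no rule matches, i.e. those that fall through to the logged default."""
    pkts = [p for p in map(parse_ufw_line, log_text.splitlines()) if p]
    return [p for p in pkts if not any(rule_matches(r, p) for r in rules)]

if __name__ == "__main__":
    for label, rules in (("proto udp rule", [UDP_RULE]), ("any-protocol rules", ANY_RULES)):
        missed = still_logged(rules)
        print(f"{label}: {len(missed)} packet(s) still reach the logging default")
        for p in missed:
            print(f"  {p['SRC']} -> {p['DST']} proto={p['proto_name']}")
```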
Thanks for that nobody, I have fixed the issue with the addition of a couple of generic rules as described in an earlier post. Ufw out of the box denies all incoming requests and logs them, so I just had to explicitly deny from my router's IP to the two broadcast groups in question - had tried it before, but had specified UDP rather than saying all.
Of course now that my logs are clear of that noise, am seeing a few TCP connection attempts to high numbered ports on my side, but will post a separate query about those now....
Cheers
Enoch