IGMP LAN network traffic - block or allow?
by postcd from LinuxQuestions.org on (#4XV4S)
Hi, on Raspbian 10, in /var/log/syslog
I saw lines like:
Code:
raspberrypi kernel: [163349.859013] [UFW BLOCK] IN=eth0 OUT= MAC=AAA SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=2 ID=0 DF PROTO=2
I found the command "tcpdump -p -n -e host 224.0.0.1"
and it reports lines like:
Code:
14:52:01.423236 BBB > CCC, ethertype IPv4 (0x0800), length 60: 192.168.1.1 > 224.0.0.1: igmp query v2 [max resp time 1] [gaddr 234.21.81.1]
BBB may be the MAC address of my LAN/WAN router, since the command "arp -a" shows the same kind of address next to my router IP.
In the ufw manual I have found the following:
Quote:
ufw deny in on eth0 to 224.0.0.1 proto igmp
This will deny all igmp traffic to 224.0.0.1 on the eth0 interface.
But I do not know if I want to block it. I am surprised it is blocked, since iptables -L showed no rules with default policy ACCEPT and after installing the ufw firewall I only rate-limited port 22, so I would think everything else is allowed :-/
What do you think about those IGMP requests and what would you do with them? Thank you
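
A triage sketch for the log format in the post above, added here as an example and not part of the original post. It parses the netfilter KEY=value fields of [UFW ...] syslog entries and counts them per source, destination, protocol and destination scope, so the repeated router queries (IP protocol 2 is IGMP, 224.0.0.1 is the all-hosts group) collapse into one row. The function names and all sample lines after the first are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

PROTO_NAMES = {"1": "ICMP", "2": "IGMP", "6": "TCP", "17": "UDP"}  # numeric PROTO= values
ALL_HOSTS = ipaddress.ip_address("224.0.0.1")         # group that IGMP general queries go to
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")  # link-local multicast, not forwarded by routers

# First line is the one from the post; the other three are constructed for the example.
SAMPLE = """\
raspberrypi kernel: [163349.859013] [UFW BLOCK] IN=eth0 OUT= MAC=AAA SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=2 ID=0 DF PROTO=2
raspberrypi kernel: [163474.861120] [UFW BLOCK] IN=eth0 OUT= MAC=AAA SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=2 ID=0 DF PROTO=2
raspberrypi kernel: [163480.100200] [UFW BLOCK] IN=eth0 OUT= MAC=AAA SRC=192.168.1.50 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4411 DF PROTO=TCP SPT=51514 DPT=23 WINDOW=64240 RES=0x00 SYN URGP=0
raspberrypi kernel: [163500.000001] usb 1-1: new high-speed USB device number 4
"""

def parse_ufw_line(line):
    """Return the KEY=value fields of a [UFW ...] kernel log line, or None."""
    m = re.search(r"\[UFW (?P<action>[A-Z ]+)\]\s+(?P<rest>.*)", line)
    if not m:
        return None
    fields = {"ACTION": m.group("action")}
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else True  # bare tokens such as DF or SYN are flags
    return fields

def classify(fields):
    """Reduce one parsed entry to (src, dst, protocol name, destination scope)."""
    proto = PROTO_NAMES.get(fields["PROTO"], fields["PROTO"])
    dst = ipaddress.ip_address(fields["DST"])
    if dst == ALL_HOSTS:
        scope = "all-hosts multicast"
    elif dst in LOCAL_CONTROL:
        scope = "link-local multicast"
    elif dst.is_multicast:
        scope = "multicast"
    else:
        scope = "unicast"
    return fields["SRC"], fields["DST"], proto, scope

def summarize(text):
    """Count UFW entries per (src, dst, protocol, scope) so repeats collapse into one row."""
    counts = Counter()
    for line in text.splitlines():
        fields = parse_ufw_line(line)
        if fields and "DST" in fields and "PROTO" in fields:
            counts[classify(fields)] += 1
    return counts
```

Calling summarize() on the text of /var/log/syslog gives the same kind of table for a real host.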