Unknown entry in IPFW log

Using FreeBSD-8/amd64

I am in the process of setting up an IPFW firewall. It appears to be working correctly; however, I am finding this in the security.log file:

Code:
Apr 28 12:35:50 scorpio kernel: ipfw: 4400 Deny P:2 192.168.1.1 224.0.0.1 in via nfe0

This appears to be from the catchall deny rule. I cannot find any documentation on what the "P:2" notation means.

Also, should "224.0.0.1" be blocked? I tried Googling and found several listings indicating that it should be allowed? Is that correct?

Thanks!
 
224.0.0.1 is multicast. Most likely sent by a (Cisco) switch on your network. Just leave it blocked.
 
Checking /etc/protocols shows P:2 (protocol) to be IGMP, the Internet Group Management Protocol, which is used on multicast networks. 224.0.0.0 is used for multicast. Thus, there's something on your network trying to use multicast.

If your host is not part of a multicast group, then you can ignore that deny rule.
If your host should be part of a multicast group, then you'll need to allow traffic to/from 224.0.0.0 subnet.
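Added example, not part of the original thread: a small parser for ipfw lines in security.log that resolves the "P:<n>" notation to a protocol name and marks multicast destinations, which is the triage the replies above do by hand. The protocol table is a hand-picked subset of /etc/protocols, the second and third sample lines are constructed, and only IPv4 lines with single-word actions are assumed.

```python
import ipaddress
import re

# Subset of IANA protocol numbers, as found in /etc/protocols (assumed subset).
PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 47: "GRE", 89: "OSPF"}

# ipfw: <rule> <action> <proto> <src> <dst> <in|out> via <iface>
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)"
)

def _host(endpoint):
    """Strip a trailing :port from an IPv4 endpoint, if present."""
    return endpoint.rsplit(":", 1)[0] if endpoint.count(":") == 1 else endpoint

def parse_ipfw_line(line):
    """Return a dict for one ipfw log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    if rec["proto"].startswith("P:"):
        # ipfw prints "P:<number>" for protocols it has no short name for.
        num = int(rec["proto"][2:])
        rec["proto"] = PROTOCOLS.get(num, f"protocol {num}")
    rec["multicast"] = ipaddress.ip_address(_host(rec["dst"])).is_multicast
    return rec

SAMPLE_LOG = [
    # Line quoted in the post above.
    "Apr 28 12:35:50 scorpio kernel: ipfw: 4400 Deny P:2 192.168.1.1 224.0.0.1 in via nfe0",
    # Constructed lines for comparison.
    "Apr 28 12:36:02 scorpio kernel: ipfw: 4400 Deny TCP 192.168.1.50:51234 192.168.1.10:22 in via nfe0",
    "Apr 28 12:36:10 scorpio kernel: ipfw: 4400 Deny P:89 192.168.1.1 224.0.0.5 in via nfe0",
]

def multicast_denies(lines):
    """List (rule, proto, src, dst) for denied packets sent to multicast groups."""
    recs = (parse_ipfw_line(l) for l in lines)
    return [(r["rule"], r["proto"], r["src"], r["dst"])
            for r in recs if r and r["action"] == "Deny" and r["multicast"]]

if __name__ == "__main__":
    for hit in multicast_denies(SAMPLE_LOG):
        print(hit)
```
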
 